Documente Academic
Documente Profesional
Documente Cultură
www.procurve.com
Installation and Basic Configuration
Guide
for ProCurve 9300 Series Routing Switches
ii
Contents
Chapter 1
Getting Started ........................................................................................ 1-1
Introduction ...............................................................................................................................................1-1
Software Versions Covered ......................................................................................................................1-1
Audience ...................................................................................................................................................1-1
Conventions ..............................................................................................................................................1-1
Terminology ..............................................................................................................................................1-2
Support and Warranty Information ...........................................................................................................1-2
Chapter 2
Installation ............................................................................................... 2-1
Unpacking a System .................................................................................................................................2-1
Package Contents ..............................................................................................................................2-1
General Requirements .......................................................................................................................2-1
Installation Procedures .............................................................................................................................2-2
Summary ............................................................................................................................................2-2
Installation Precautions ......................................................................................................................2-3
Preparing the Installation Site ...................................................................................................................2-4
Cabling Infrastructure .........................................................................................................................2-4
Installation Location ...........................................................................................................................2-4
Installing (or Removing) Optional Modules ...............................................................................................2-4
Installing Modules ..............................................................................................................................2-4
Removing Modules ............................................................................................................................2-5
Installing and Removing (Optional) Mini-GBICs .......................................................................................2-6
Software Version and Management Module Requirement ................................................................2-6
Installing or Removing a Mini-GBIC ...................................................................................................2-6
Installation Notes ................................................................................................................................2-7
Software Support for Mini-GBIC Ports ...............................................................................................2-7
Removing and Installing XENPAK Optics ................................................................................................2-7
Removing a XENPAK Optic ...............................................................................................................2-7
Installing a XENPAK Optic .................................................................................................................2-8
Software Support for XENPAK Optics ...............................................................................................2-8
Cleaning the Fiber Optic Connectors .......................................................................................................2-8
Installing (or Removing) Redundant Power Supplies ...............................................................................2-8
Determining Power Supply Status .....................................................................................................2-8
Installing Power Supplies ...................................................................................................................2-9
Removing Power Supplies ...............................................................................................................2-10
Verifying Proper Operation .....................................................................................................................2-12
Attaching a PC or Terminal ....................................................................................................................2-13
Attaching a PC or Terminal Using a Serial Port ...............................................................................2-13
Attaching a PC or Terminal Using a Direct LAN Connection ...........................................................2-13
Assigning a Permanent Password ..........................................................................................................2-15
How To Assign a Password .............................................................................................................2-16
Assign a Permanent IP Address .............................................................................................................2-17
Mounting the Device ...............................................................................................................................2-18
Desktop Installation ..........................................................................................................................2-18
Rack Mount Installation ....................................................................................................................2-19
Connecting Power to the Device ............................................................................................................2-20
Connecting Network Devices .................................................................................................................2-20
Connectors .......................................................................................................................................2-21
Connecting to Other Switches, Routing Switches, and Ethernet Hubs ............................................2-22
Connecting to Workstations, Servers or Routing Switches ..............................................................2-23
Troubleshooting Network Connections ............................................................................................2-23
iv June 2005
Contents
Chapter 3
Using Redundant Management Modules.............................................. 3-1
Configuration Considerations ...................................................................................................................3-1
Temperature Sensor .................................................................................................................................3-1
Switchover ................................................................................................................................................3-2
Management Sessions .......................................................................................................................3-2
Syslog and SNMP Traps ....................................................................................................................3-2
MAC Address Changes ......................................................................................................................3-2
Configuring the Redundant Management Parameters .............................................................................3-3
Installing Redundant Management Modules ......................................................................................3-3
Determining Redundant Management Module Status .......................................................................3-7
Displaying Switchover Messages .......................................................................................................3-9
File Synchronization Between the Active and Standby Redundant Management Modules .............3-10
Switching Over to the Standby Redundant Management Module ...................................................3-15
Chapter 4
Using the T-Flow Redundant Management Module............................. 4-1
Overview ...................................................................................................................................................4-1
Management and Co-Processing CPUs ............................................................................................4-1
Temperature Sensor ..........................................................................................................................4-2
Management Redundancy .................................................................................................................4-2
TSP Load Sharing ..............................................................................................................................4-3
Changing the Management Session from the MP to a TSP .....................................................................4-8
Logging In to a TSP ...........................................................................................................................4-8
Logging Out from the TSP .................................................................................................................4-8
TSP Commands .................................................................................................................................4-8
Displaying T-Flow Module Information .....................................................................................................4-9
Displaying the Software Version Running on the Module ..................................................................4-9
Displaying the Software Versions Installed on the Module ..............................................................4-10
Displaying General Module Information ...........................................................................................4-11
Determining Module Status ..............................................................................................................4-12
Determining the Slot Allocations for the TSPs .................................................................................4-14
June 2005 v
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Chapter 5
Using the 2-Port 10-Gigabit Ethernet Module ...................................... 5-1
1-Port 10 Gigabit Ethernet Module (Discontinued) ...................................................................................5-1
System Requirements ........................................................................................................................5-2
Hardware on the 1-Port 10 Gigabit Ethernet Module .........................................................................5-2
Features Not Supported on the 1-Port 10 Gigabit Ethernet Module ..................................................5-2
Replacing the Optics on the 1-Port 10 Gigabit Ethernet Module .......................................................5-2
2-Port 10-Gigabit Ethernet Modules with XENPAK Optics .......................................................................5-2
System Requirements ........................................................................................................................5-3
Hardware on the XENPAK-Based 10 Gigabit Ethernet Module .........................................................5-3
Features Not Supported on XENPAK-based 10 Gigabit Ethernet Modules .......................................5-3
Cleaning the Fiber Optic Connectors .......................................................................................................5-3
Cabling 10 Gigabit Ethernet Modules .......................................................................................................5-3
Port LEDs .................................................................................................................................................5-4
Troubleshooting Network Connections .....................................................................................................5-4
Link Fault Signaling (LFS) ........................................................................................................................5-5
Determining the 10 Gigabit Ethernet Module Installed in Your System .............................................5-6
Configuring Link Fault Signalling ........................................................................................................5-6
Remote Fault Notification (RFN) on Fiber Connections ...........................................................................5-6
Configuration Notes ...........................................................................................................................5-7
RFN Enhancements in 07.8.00 ..........................................................................................................5-7
Enabling Remote Fault Notification ....................................................................................................5-7
Viewing Which Fiber Ports Have RFN Enabled .................................................................................5-8
Upgrading an FPGA on a 10 Gigabit Ethernet Module ............................................................................5-8
Displaying the Installed FPGA Revisions ...........................................................................................5-9
Chapter 6
Configuring Basic Features ................................................................... 6-1
Using the Web Management Interface for Basic Configuration Changes ................................................6-2
Configuring Basic System Parameters .....................................................................................................6-3
Entering System Administration Information ......................................................................................6-3
Configuring Simple Network Management (SNMP) Parameters .......................................................6-4
Configuring an Interface as the Source for All Telnet Packets .........................................................6-10
Cancelling an Outbound Telnet Session ..........................................................................................6-11
Configuring an Interface as the Source for All TFTP Packets ..........................................................6-11
Specifying a Simple Network Time Protocol (SNTP) Server ............................................................6-11
Setting the System Clock .................................................................................................................6-13
Changing the Default Gigabit Negotiation Mode ..............................................................................6-15
Limiting Broadcast, Multicast, or Unknown-Unicast Rates ...............................................................6-17
Configuring CLI Banners ..................................................................................................................6-18
Configuring Terminal Display ...........................................................................................................6-19
Checking the Length of Terminal Displays .......................................................................................6-20
Configuring Basic Port Parameters ........................................................................................................6-20
Assigning a Port Name ....................................................................................................................6-22
Modifying Port Speed .......................................................................................................................6-23
vi June 2005
Contents
Chapter 7
Configuring Trunk Groups
and Dynamic Link Aggregation ............................................................ 7-1
Configuring Trunk Groups ........................................................................................................................7-1
Trunk Group Connectivity to a Server ................................................................................................7-2
Trunk Group Rules .............................................................................................................................7-3
Trunk Group Load Sharing .................................................................................................................7-8
Configuring a Trunk Group ...............................................................................................................7-11
Additional Trunking Options .............................................................................................................7-15
Server Trunk Group Load Sharing Enhancements and Options
(Release 07.7.00 and Higher) ...................................................................................................7-17
Enabling Optimized Server Trunk Load Balancing (T-Flow only) ....................................................7-19
Displaying Trunk Group Configuration Information ..........................................................................7-22
Dynamic Link Aggregation ......................................................................................................................7-27
Usage Notes ....................................................................................................................................7-27
Configuration Rules ..........................................................................................................................7-27
802.3ad Enhancements in Release 07.6.04 ....................................................................................7-29
Chapter 8
Configuring Spanning Tree Protocol (STP)
and Advanced STP Features ................................................................. 8-1
Configuring Standard STP Parameters ....................................................................................................8-1
STP Parameters and Defaults ...........................................................................................................8-2
Enabling or Disabling the Spanning Tree Protocol (STP) ..................................................................8-3
Changing STP Bridge and Port Parameters ......................................................................................8-4
Displaying STP Information ................................................................................................................8-8
Configuring Advanced STP Features .....................................................................................................8-19
Fast Port Span .................................................................................................................................8-19
Fast Uplink Span ..............................................................................................................................8-21
802.1W Rapid Spanning Tree (RSTP) .............................................................................................8-22
802.1W Draft 3 .................................................................................................................................8-58
Single Spanning Tree (SSTP) ..........................................................................................................8-62
SuperSpan™ ....................................................................................................................................8-64
STP per VLAN Group .......................................................................................................................8-71
PVST/PVST+ Compatibility ....................................................................................................................8-75
PVST/PVST+ Compatibility – 07.6.04 and Later .............................................................................8-75
PVST/PVST+ Compatibility – Earlier Than 07.6.01b .......................................................................8-81
Chapter 9
Configuring Uni-Directional Link Detection (UDLD) ............................ 9-1
Configuration Considerations ...................................................................................................................9-1
Configuring UDLD ....................................................................................................................................9-2
Changing the Keepalive Interval ........................................................................................................9-2
Changing the Keepalive Retries .........................................................................................................9-2
UDLD for Tagged Ports ......................................................................................................................9-2
Displaying UDLD Information ...................................................................................................................9-3
Displaying Information for All Ports ....................................................................................................9-3
Displaying Information for a Single Port .............................................................................................9-4
Clearing UDLD Statistics ..........................................................................................................................9-5
Chapter 10
Configuring Metro Features................................................................. 10-1
Topology Groups ....................................................................................................................................10-1
Master VLAN and Member VLANs ..................................................................................................10-2
Control Ports and Free Ports ...........................................................................................................10-2
Configuration Considerations ...........................................................................................................10-2
Configuring a Topology Group .........................................................................................................10-3
Displaying Topology Group Information ...........................................................................................10-3
Chapter 11
Configuring Virtual LANs (VLANs)...................................................... 11-1
Overview .................................................................................................................................................11-1
Types of VLANs ...............................................................................................................................11-1
Default VLAN ...................................................................................................................................11-4
802.1q Tagging ................................................................................................................................11-5
Spanning Tree Protocol (STP) .........................................................................................................11-7
Virtual Routing Interfaces .................................................................................................................11-8
VLAN and Virtual Routing Interface Groups ....................................................................................11-8
Dynamic, Static, and Excluded Port Membership ............................................................................11-8
Super Aggregated VLANs ..............................................................................................................11-10
Trunk Group Ports and VLAN Membership ...................................................................................11-11
Summary of VLAN Configuration Rules .........................................................................................11-11
Routing Between VLANs ......................................................................................................................11-11
Virtual Routing Interfaces ..............................................................................................................11-12
Bridging and Routing the Same Protocol Simultaneously
on the Same Device ................................................................................................................11-12
Routing Between VLANs Using Virtual Routing Interfaces ............................................................11-12
Dynamic Port Assignment ..............................................................................................................11-13
Assigning a Different VLAN ID to the Default VLAN ......................................................................11-13
Assigning Trunk Group Ports .........................................................................................................11-13
Configuring Port-Based VLANs ......................................................................................................11-13
Modifying a Port-Based VLAN .......................................................................................................11-17
Configuring IP Subnet, IPX Network and Protocol-Based VLANs ........................................................11-20
Configuration Example ...................................................................................................................11-20
June 2005 ix
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Chapter 12
Configuring IP Multicast Traffic Reduction ........................................ 12-1
Enabling IP Multicast Traffic Reduction ..................................................................................................12-1
Changing the IGMP Mode ................................................................................................................12-2
Disabling IGMP on Individual Ports ..................................................................................................12-3
Modifying the Query Interval ............................................................................................................12-4
Modifying the Age Interval ................................................................................................................12-4
x June 2005
Contents
Chapter 13
Configuring
GARP VLAN Registration Protocol (GVRP)........................................ 13-1
Application Examples .............................................................................................................................13-1
Dynamic Core and Fixed Edge ........................................................................................................13-2
Dynamic Core and Dynamic Edge ...................................................................................................13-3
Fixed Core and Dynamic Edge ........................................................................................................13-4
Fixed Core and Fixed Edge .............................................................................................................13-4
VLAN Names ..........................................................................................................................................13-4
Configuration Considerations .................................................................................................................13-4
Configuring GVRP ..................................................................................................................................13-5
Changing the GVRP Base VLAN ID ................................................................................................13-5
Increasing the Maximum Configurable Value of the Leaveall Timer ................................................13-6
Enabling GVRP ................................................................................................................................13-6
Disabling VLAN Advertising .............................................................................................................13-6
Disabling VLAN Learning .................................................................................................................13-7
Changing the GVRP Timers .............................................................................................................13-7
Converting a VLAN Created by GVRP into a Statically-Configured VLAN .............................................13-8
Displaying GVRP Information .................................................................................................................13-9
Displaying GVRP Configuration Information ....................................................................................13-9
Displaying GVRP VLAN Information ..............................................................................................13-12
Displaying GVRP Statistics ............................................................................................................13-14
Displaying CPU Utilization Statistics ..............................................................................................13-15
Displaying GVRP Diagnostic Information .......................................................................................13-17
Clearing GVRP Statistics ......................................................................................................................13-17
CLI Examples .......................................................................................................................................13-17
Dynamic Core and Fixed Edge ......................................................................................................13-17
Dynamic Core and Dynamic Edge .................................................................................................13-18
Fixed Core and Dynamic Edge ......................................................................................................13-19
Fixed Core and Fixed Edge ...........................................................................................................13-19
Chapter 14
Enabling the FDP and Reading
Cisco Discovery Protocol (CDP) Packets........................................... 14-1
Using FDP ..............................................................................................................................................14-1
Configuring FDP ...............................................................................................................................14-1
Displaying FDP Information .............................................................................................................14-2
Clearing FDP and CDP Information .................................................................................................14-5
June 2005 xi
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Chapter 15
Updating Software Images and
Configuration Files ............................................................................... 15-1
Determining the Software Versions Installed and Running on a Device ................................................15-1
Determining the Flash Image Version Running on the Device ........................................................15-1
Determining the Boot Image Version Running on the Device ..........................................................15-2
Determining the Image Versions Installed in Flash Memory ............................................................15-2
Image File Types ....................................................................................................................................15-2
Upgrading Software in Release 07.6.04 and Later .................................................................................15-3
Upgrading Software (Non-T-Flow) ..........................................................................................................15-3
Upgrading the Boot Code .................................................................................................................15-4
Upgrading the Flash Code ...............................................................................................................15-4
Upgrading Software (T-Flow) .................................................................................................................15-5
Upgrading the MP Boot Code ..........................................................................................................15-5
Upgrading the TSP Boot Code .........................................................................................................15-5
Upgrading the MP Flash Code .........................................................................................................15-6
Upgrading the TSP Flash Code .......................................................................................................15-6
Changing the Default Boot Source ...................................................................................................15-7
Using SNMP to Upgrade Software .........................................................................................................15-8
Upgrading Switching Processors on a Routing Switch ....................................................................15-8
Changing the Block Size for TFTP File Transfers ..................................................................................15-9
Rebooting .............................................................................................................................................15-10
Loading and Saving Configuration Files ...............................................................................................15-11
Replacing the Startup Configuration with the Running Configuration ............................................15-12
Replacing the Running Configuration with the Startup Configuration ............................................15-12
Logging Changes to the Startup-Config File ..................................................................................15-12
Copying a Configuration File to or from a TFTP Server .................................................................15-13
Dynamic Configuration Loading .....................................................................................................15-14
Maximum File Sizes for Startup-Config File and Running-Config ..................................................15-16
Using SNMP to Save and Load Configuration Information ............................................................15-17
Erasing Image and Configuration Files ..........................................................................................15-18
Scheduling a System Reload ...............................................................................................................15-18
Reloading at a Specific Time .........................................................................................................15-18
Reloading after a Specific Amount of Time ....................................................................................15-19
Displaying the Amount of Time Remaining Before a Scheduled Reload .......................................15-19
Canceling a Scheduled Reload ......................................................................................................15-19
Diagnostic Error Codes and Remedies for TFTP Transfers .................................................................15-20
APPENDIX A
Using Syslog ...........................................................................................A-1
Overview .................................................................................................................................................. A-1
Displaying Syslog Messages ................................................................................................................... A-2
Configuring the Syslog Service ............................................................................................................... A-3
Displaying the Syslog Configuration ................................................................................................. A-3
Displaying and Configuring Syslog Buffer Parameters Using the Web
Management Interface ................................................................................................................ A-7
Disabling or Re-Enabling Syslog ....................................................................................................... A-9
Specifying a Syslog Server ............................................................................................................... A-9
Specifying an Additional Syslog Server ............................................................................................ A-9
Disabling Logging of a Message Level ........................................................................................... A-10
Changing the Number of Entries the Local Buffer Can Hold ........................................................... A-10
Changing the Log Facility ................................................................................................................ A-11
Displaying the Interface Name in Syslog Messages ....................................................................... A-12
Clearing the Syslog Messages from the Local Buffer ..................................................................... A-12
Displaying TCP/UDP Port Numbers in Syslog Messages .............................................................. A-12
Syslog Messages .................................................................................................................................. A-13
APPENDIX B
Enhanced Performance (EP) Chassis Modules ...................................B-1
Determining Your Device Type ................................................................................................................ B-1
EP Modules ............................................................................................................................................. B-1
The EP Management Module .................................................................................................................. B-2
Hardware Overview ........................................................................................................................... B-2
J4885A EP Management Module ..................................................................................................... B-3
EP Gigabit Ethernet Forwarding Module ................................................................................................. B-4
J4895A 16-Port Forwarding Module ................................................................................................. B-4
EP 10/100 Ethernet Forwarding Modules ................................................................................................ B-4
J4881A/B 48-Port Enterprise Forwarding Module ............................................................................. B-4
J4889A/B 48-Port Telco Forwarding Module .................................................................................... B-5
Configuration Considerations .................................................................................................................. B-7
APPENDIX C
Software Specifications .........................................................................C-1
IEEE Compliance .................................................................................................................................... C-1
RFC Support ............................................................................................................................................ C-2
Internet Drafts .......................................................................................................................................... C-4
APPENDIX D
Hardware Specifications ........................................................................D-1
Control Features ...................................................................................................................................... D-1
Control Panels ................................................................................................................................... D-1
Ports .................................................................................................................................................. D-2
LEDs ................................................................................................................................................. D-3
APPENDIX E
Cautions and Warnings..........................................................................E-1
Cautions .................................................................................................................................................. E-1
Warnings ................................................................................................................................................. E-7
INDEX ..................................................................................................Index-1
NOTE: HP periodically updates the ProCurve 9300/9400 Series Routing Switch documentation. For the latest
version of any of these publications, visit the ProCurve website at:
http://www.procurve.com
NOTE: All manuals listed below are available on the ProCurve website, and also on the Documentation CD
shipped with your HP product.
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
This is an electronic (PDF) guide containing product safety and EMC regulatory statements as well as installation
and basic configuration information, and software and hardware specifications.
Topics Specific to the 9300 Series Routing Switches
• Product mounting instructions
• Module installation
• Basic access and connectivity configuration (passwords, IP addresses)
• Redundant management module commands and file systems
• Cooling system commands and information
• Basic software feature configuration (SNMP, clock, mirror/monitor ports)
• Configuring for these features:
• Uni-Directional Link Detection (UDLD)
• Metro Ring Protocol (MRP)
• Virtual Switch Redundancy Protocol (VSRP)
• GVRP (dynamic VLANs)
• Software update instructions
• Hardware specs
• Software specs (e.g. RFC support, IEEE compliance)
June 2005 xv
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Information on Configuring Features for 9300 Series and 9408sl Routing Switches
• Port settings
• VLANS
• Trunks
• Spanning Tree Protocol
• Syslog
Quick Start Guide for ProCurve 9300 Series Routing Switches
This is a printed guide you can use as an easy reference to the installation and product safety information needed
for out-of-box setup, plus the general product safety and EMC regulatory statements of which you should be
aware when installing and using a Routing Switch.
Installation and Basic Configuration Guide for the ProCurve 9408sl Routing Switch
This is a printed guide that describes the ProCurve 9408sl and provides procedures for installing modules and AC
power supplies into the ProCurve 9408sl, cabling the 10-Gigabit Ethernet interface ports, and performing a basic
configuration of the software.
Topics Specific to the 9408sl Routing Switch
• Product overview and architecture
• Product mounting instructions
• Module installation
• Basic access and connectivity configuration (passwords, IP addresses)
• Management Module redundancy and file systems
• Interacting with the cooling system, switch fabric module, and interface modules
• Basic software feature configuration (SNMP, clock, mirror/monitor ports)
• Hardware maintenance instructions
• Software update instructions
• Hardware specs
• Safety and regulatory statements
• Software specs (e.g. RFC support, IEEE compliance)
Advanced Configuration and Management Guide for ProCurve 9300/9400 Series Routing Switches
This is an electronic (PDF) guide that contains advanced configuration information for routing protocols and
Quality of Service (QoS). In addition, appendixes in this guide contain reference information for network
monitoring, policies, and filters.
Information on Configuring Features
• Quality of Service (QoS)
• Access Control Lists (ACLs)
• Rate limiting
• IPv4 routing
• RIP
• IP Multicast
• OSPF
• BGP4
• Multi-protocol BGP (MBGP)
• Network Address Translation (NAT)
Safety Information
Grounding
These are safety class I products and have protective earthing terminals. There must be an uninterruptible safety
earth ground from the main power source to the product's input wiring terminals, power cord, or supplied power
cord set. Whenever it is likely that the protection has been impaired, disconnect the power cord until the ground
has been restored.
For LAN cable grounding:
• If your LAN covers an area served by more than one power distribution system, be sure their safety grounds
are securely interconnected.
• LAN cables may occasionally be subject to hazardous transient voltages (such as lightning or disturbances in
the electrical utilities power grid). Handle exposed metal components of the network with caution.
Servicing
There are no user-serviceable parts inside these products. Any servicing, adjustment, maintenance, or repair
must be performed only by service-trained personnel.
These products do not have a power switch; they are powered on when the power cord is plugged in.
Cet appareil est un produit de classe I et possède une borne de mise à la terre. La source d'alimentation
principale doit être munie d'une prise de terre de sécurité installée aux bornes du câblage d'entrée, sur le cordon
d'alimentation ou le cordon de raccordement fourni avec le produit. Lorsque cette protection semble avoir été
endommagée, débrancher le cordon d'alimentation jusqu'à ce que la mise à la terre ait été réparée.
Mise à la terre du câble de réseau local:
• si votre réseau local s'étend sur une zone desservie par plus d'un système de distribution de puissance,
assurez-vous que les prises de terre de sécurité soient convenablement interconnectées.
• Les câbles de réseaux locaux peuvent occasionnellement être soumis à des surtensions transitoires
dangereuses (telles que la foudre ou des perturbations dans le réseau d'alimentation public). Manipulez les
composants métalliques du réseau avec précautions.
Aucune pièce contenue à l'intérieur de ce produit ne peut être réparée par l'utilisateur. Tout dépannage, réglage,
entretien ou réparation devra être confié exclusivement à un personnel qualifié.
Cet appareil ne comporte pas de commutateur principal ; la mise sous tension est effectuée par branchement du
cordon d'alimentation.
xx June 2005
Hinweise zur Sicherheit
Dies ist ein Gerät der Sicherheitsklasse I und verfügt über einen schützenden Erdungsterminal. Der Betrieb des
Geräts erfordert eine ununterbrochene Sicherheitserdung von der Hauptstromquelle zu den
Geräteingabeterminals, den Netzkabeln oder dem mit Strom belieferten Netzkabelsatz voraus. Sobald Grund zur
Annahme besteht, daß der Schutz beeinträchtigt worden ist, das Netzkabel aus der Wandsteckdose
herausziehen, bis die Erdung wiederhergestellt ist.
Für LAN-Kabelerdung:
• Wenn Ihr LAN ein Gebiet umfaßt, das von mehr als einem Stromverteilungssystem beliefert wird, müssen Sie
sich vergewissern, daß die Sicherheitserdungen fest untereinander verbunden sind.
• LAN-Kabel können gelegentlich gefährlichen Übergangsspannungen ausgesetzt werden (beispielsweise
durch Blitz oder Störungen in dem Starkstromnetz des Elektrizitätswerks). Bei der Handhabung exponierter
Metallbestandteile des Netzwerkes Vorsicht walten lassen.
Dieses Gerät enthält innen keine durch den Benutzer zu wartenden Teile. Wartungs-, Anpassungs-,
Instandhaltungs- oder Reparaturarbeiten dürfen nur von geschultem Bedienungspersonal durchgeführt werden.
Dieses Gerät hat keinen Netzschalter; es wird beim Anschließen des Netzkabels eingeschaltet.
Questo prodotto è omologato nella classe di sicurezza I ed ha un terminale protettivo di collegamento a terra.
Dev'essere installato un collegamento a terra di sicurezza, non interrompibile che vada dalla fonte d'alimentazione
principale ai terminali d'entrata, al cavo d'alimentazione oppure al set cavo d'alimentazione fornito con il prodotto.
Ogniqualvolta vi sia probabilità di danneggiamento della protezione, disinserite il cavo d'alimentazione fino a
quando il collegaento a terra non sia stato ripristinato.
Per la messa a terra dei cavi LAN:
• se la vostra LAN copre un'area servita da più di un sistema di distribuzione elettrica, accertatevi che i
collegamenti a terra di sicurezza siano ben collegati fra loro;
• i cavi LAN possono occasionalmente andare soggetti a pericolose tensioni transitorie (ad esempio, provocate
da lampi o disturbi nella griglia d'alimentazione della società elettrica); siate cauti nel toccare parti esposte in
metallo della rete.
Nessun componente di questo prodotto può essere riparato dall'utente. Qualsiasi lavoro di riparazione, messa a
punto, manutenzione o assistenza va effettuato esclusivamente da personale specializzato.
Questo apparato non possiede un commutatore principale; si mette scotto tensione all'inserirsi il cavo
d'alimentazione.
Este aparato se enmarca dentro de la clase I de seguridad y se encuentra protegido por una borna de puesta a
tierra. Es preciso que exista una puesta a tierra continua desde la toma de alimentación eléctrica hasta las bornas
de los cables de entrada del aparato, el cable de alimentación o el juego de cable de alimentación suministrado.
Si existe la probabilidad de que la protección a tierra haya sufrido desperfectos, desenchufar el cable de
alimentación hasta haberse subsanado el problema.
Puesta a tierra del cable de la red local (LAN):
• Si la LAN abarca un área cuyo suministro eléctrico proviene de más de una red de distribución de
electricidad, cerciorarse de que las puestas a tierra estén conectadas entre sí de modo seguro.
• Es posible que los cables de la LAN se vean sometidos de vez en cuando a voltajes momentáneos que
entrañen peligro (rayos o alteraciones en la red de energía eléctrica). Manejar con precaución los
componentes de metal de la LAN que estén al descubierto.
Este aparato no contiene pieza alguna susceptible de reparación por parte del usuario. Todas las reparaciones,
ajustes o servicio de mantenimiento debe realizarlos solamente el técnico.
Este producto no tiene interruptor de potencia; se activa cuando se enchufa el cable de alimentación.
Lasers
The Gigabit-SX, Gigabit-LX, and Gigabit LH-LC Modules are Class 1 Laser Products.
Laser Klasse 1
The modules comply with IEC 60825-1, IEC 60825-2
U.S.A.
FCC Class A
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part
15 of the FCC Rules. These limits are designed to provide reasonable protection against interference when the
equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio
frequency energy and, if not installed and used in accordance with the instruction manual, may cause
interference to radio communications. Operation of this equipment in a residential area may cause interference in
which case the user will be required to correct the interference at his own expense.
Canada
This product complies with Class A Canadian EMC requirements.
Australia/New Zealand
This product complies with Australia/New Zealand EMC Class A requirements.
Japan
VCCI Class A
Taiwan
Introduction
NOTE: This Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches is intended
as a supplement to the printed Quick Start Guide included with your Routing Switch chassis. The printed Quick
Start Guide is the primary document for unpacking a ProCurve Routing Switch and performing the Routing Switch
installation. The latest version of the Quick Start Guide is available on the ProCurve Web site:
http://www.procurve.com
(Click on Technical Support, then Product Manuals.)
This guide describes how to install, configure, and monitor the following devices:
• ProCurve Routing Switch 9315M
• ProCurve Routing Switch 9308M
• ProCurve Routing Switch 9304M
Audience
This manual is designed for system administrators with a working knowledge of Layer 2 and Layer 3 switching and
routing.
If you are using a ProCurve Routing Switch, you should be familiar with the following protocols if applicable to your
network—IP, RIP, OSPF, BGP4, IGMP, PIM, DVMRP, IPX, AppleTalk, and VRRP.
Conventions
This guide uses the following typographical conventions:
Italic highlights the title of another publication and occasionally emphasizes a word or phrase.
WARNING: A warning calls your attention to a possible hazard that can cause injury or death.
CAUTION: A caution calls your attention to either a possible hazard that can damage equipment or an action
that can produce an operating problem or other unwanted results.
Terminology
The following table defines basic product terms used in this guide.
Term Definition
chassis A Routing Switch that accepts optional modules or power supplies. The
ProCurve 9304M, 9308M, 9315M, and 9408sl Routing Switches are Chassis
or
devices.
Chassis device
Routing Switch A Layer 2 and Layer 3 device that switches and routes network traffic. The
term router is sometimes used in this document in descriptions of a Routing
or
Switch’s Layer 3 routing protocol features.
router
ProCurveRS# An example Command Line Interface (CLI) prompt. Actual prompts show
the product number for the device, such as HP9304#.
Related Publications
Refer to the “Organization of Product Documentation” on page xv for a list of publications for your ProCurve
Routing Switch.
This chapter outlines the physical installation and network connection for the 9300 series Routing Switches.
Unpacking a System
To unpack a system, refer to the printed Quick Start Guide shipped with your Routing Switch.
Package Contents
For a list of included parts, please refer to the Read Me First document shipped with your HP device.
General Requirements
To manage a Routing Switch, you need the following items for serial connection to the device:
• A management station, such as a PC running a terminal emulation application.
• A straight-through EIA/TIA DB-9 serial cable (F/F), which is provided with your ProCurve Routing Switch.
Use the serial connection to perform basic configuration tasks including assigning an IP address and network
mask to the system. This information is required for managing the system using the Web management interface
or using the CLI through Telnet.
WARNING: Do not use the extraction handles on the power supply units to lift or carry the 9300 series Routing
Switch. The power supply extraction handles are not intended to support the weight of the system and must never
be used to lift or move the chassis.
Installation Procedures
Summary
Follow the steps listed below to install your Routing Switch. Details for each of the steps highlighted below are
provided in the rest of this chapter.
1. Preparing the installation site (page 2-4). Ensure that the physical environment that will host the Routing
Switch has the proper cabling and ventilation.
2. Installing (or Removing) Optional Modules (page 2-4). There are several optional modules designed for
any of the module slots on the 9300 series Routing Switches. Depending on where you will install the
Routing Switch, it may be easier to install the modules first. However, the modules are “hot swappable”, and
can be installed or removed after the Routing Switch is mounted and powered-on.
NOTE: If you are installing a second Redundant Management module, see “Using Redundant Management
Modules” on page 3-1 for complete installation, configuration, and management instructions for this module.
3. (Optional) Installing (or Removing) Redundant Power Supplies (page 2-8). The 9304M can hold one or
two power supplies. The 9308M and 9315M can hold up to four power supplies. If you have a power supply
to install, it may be easier to install it before mounting the Routing Switch, although the power supplies are
“hot swappable”, and can be installed or removed after the Routing Switch is mounted and powered-on.
CAUTION: Remove the power cord from a power supply before you install it in or remove it from the Routing
Switch. Otherwise, damage to the power supply or the Routing Switch could result. (The Routing Switch can
be running while a power supply is being installed or removed, but the power supply itself should not be
connected to a power source.)
4. Verifying Proper Operation (page 2-12). Verify that the system and module LEDs are registering the proper
LED state after power-on of the system.
5. Attaching a PC or Terminal (page 2-13). A terminal or PC serial port connection is all that is required to
support configuration on the Routing Switch.
6. Assign a Permanent Password (page 2-15). No default password is assigned to HP devices. For additional
access security, assign a password.
7. Assign Permanent IP Addresses (page 2-17). Before attaching equipment to the device, assign an
interface IP address to the subnet on which it will be located. Initial IP address assignment is done using the
Command Line Interface (CLI) with either a direct serial connection or using Telnet with a direct terminal-to-
device LAN connection. The subsequent IP address assignments used with Routing Switches can be done
via Telnet or the Web management interface.
8. Mounting the Device (page 2-18). ProCurve Routing Switches support both desktop and rack-mount
installation.
9. Connecting Power to the Device (page 2-20). Once the device is physically installed, plug the device into a
nearby power source in keeping with regulatory requirements outlined in this manual.
10. Connecting Network Devices (page 2-20). Once the device is powered on and IP addresses are assigned,
the device is ready to accept network equipment.
CAUTION: Use the CESD grounding tap (provided by HP) before connecting Category 5 or better UTP
copper networking cables.
11. Verifying Proper Connections (page 2-23). Test IP connectivity to other devices by pinging them and
tracing routes.
12. Managing the device (page 2-24). Continue configuring the device using the CLI or the Web management
interface.
13. Swapping Modules (page 2-33). If you are removing a module and placing a module of another type in its
slot, you need to reconfigure the chassis slot for the module.
Installation Precautions
Follow these precautions when installing a ProCurve Routing Switch:
WARNING: The 9304M chassis exceeds 40 lbs. (18 kg), or 47.7 lbs.(21.6 kg) when fully populated with modules
and power supplies. Also, the 9308M chassis exceeds 55 lbs. (24.9 kg) or 69.1 lbs. (31.3 kg) when fully populated
with modules and power supplies. TWO OR MORE PEOPLE ARE REQUIRED WHEN LIFTING, HANDLING, OR
MOUNTING THESE ROUTING SWITCHES.
WARNING: The 9315M chassis exceeds 80 lbs (35 kg.) without modules and power supplies installed. To avoid
personal injury, reduce weight of chassis by removing all modules and power supplies from chassis prior to lifting
or moving. TWO OR MORE PEOPLE ARE REQUIRED WHEN LIFTING, HANDLING, OR MOUNTING THIS
ROUTING SWITCH.
WARNING: Do not lift the 15-slot chassis using the lifting handles unless the chassis is empty. TO REDUCE
WEIGHT, REMOVE THE POWER SUPPLIES AND INTERFACE MODULES BEFORE LIFTING THE CHASSIS.
WARNING: Do not use the extraction handles on the power supply units to lift or carry the Routing Switch. The
power supply extraction handles are not intended to support the weight of the system and must never be used to
lift or move the chassis.
WARNING: The rack or cabinet housing the Routing Switch should be adequately secured to prevent it from
becoming unstable and/or falling over.
WARNING: To increase rack stability, devices installed in a rack or cabinet should be mounted as low as
possible, with the heaviest device at the bottom and progressively lighter devices installed above.
WARNING: Make sure that the power source circuits are properly grounded, then use the power cord supplied
with the device to connect it to the power source.
If the installation requires a different power cord than the one supplied with the device, be sure to use a power
cord displaying the mark of the safety agency that defines the regulations for power cords in your country. The
mark is your assurance that the power cord can be used safely with the device.
CAUTION:
• Note that the AC outlets should be near the Routing Switch, and should be easily accessible in case the
Routing Switch must be powered off.
• Ensure that the device does not overload the power circuits, wiring, and over-current protection. To
determine the possibility of overloading the supply circuits, add together the ampere ratings of all devices
installed on the same circuit as the Routing Switch. Compare this total with the rating limit for the circuit. The
maximum ampere ratings are usually printed on the devices, near their AC power connectors.
• Do not install the device in an environment where the operating ambient temperature might exceed 40
degrees C (104 degrees F).
• Make sure the air flow around the front, sides, and back of the device is not restricted.
• To provide additional safety and proper airflow to the device, make sure that slot cover plates are installed on
all chassis slots that do not have either a module or power supply installed.
• Disconnect the power cord(s) from all power sources to completely remove power from the device.
• Never leave tools inside the Routing Switch.
• When installing or removing a power supply, disconnect the power cord(s) from all power sources to
completely remove power from the device.
• Before connecting Category 5 or better UTP copper networking cables to a chassis module on the 9300
series, use the CESD grounding tap (shipped with the 9304M and 9308M and with chassis modules designed
for UTP copper networking cables). See the Cable Grounding Instructions included with the CESD grounding
tap. If you did not receive a CESD grounding tap kit (HP part number 5064-9974) with the above HP
products, you can request one without charge from your HP Customer Care Center (CCC). To contact the
CCC for your area, see the support and warranty booklet (Support is as Close as the World Wide Web!)
shipped with your HP product. CCCs are also listed in the HP ProCurve Networking Service and Support
Guide available at http://www.procurve.com. (Click on Technical Support, then Support Services.)
Cabling Infrastructure
Ensure that the proper cabling is installed in the site. Refer to the Quick Start Guide for a summary of supported
cabling types and their specifications.
Installation Location
Before installing the device, plan its location and orientation relative to other devices and equipment. Allow at
least three inches (3") of space at the front of the device for the twisted-pair, fiber-optic and power cabling. Also,
a minimum of three inches (3") of space should be allowed between the sides and the back of the device and
walls or other obstructions.
NOTE: Use at least two separate branch circuits for the power. This provides redundancy in case one of the
circuits fails.
Installing Modules
To install a module in the chassis, do the following:
1. Put on an ESD wrist strap and attach the copper tape to a metal surface (e.g. an equipment rack) to act as
ground.
WARNING: To avoid risk of shock, do not attach the copper tape to the air flow panel of the power supply.
2. Remove the blank face plate from the slot in which the module is to be installed. Place the blank face plate in
a safe place for future use.
3. Remove the module from its packaging.
4. Insert the module into the chassis slot and glide the card along the card guide until the card ejectors on the
front of the module touch the chassis.
CAUTION: To avoid hardware damage during installation, be careful to properly line up the edges of the
module board with the guides built into the module slot on the chassis.
NOTE: Modules for the 9308M and 9315M slide in vertically with the module label (e.g. ProCurve 9300) and
port number 1 at the top (Figure 2.4). Modules for the 9304M slide in horizontally with the module label (e.g.
ProCurve 9300) and port number 1 on the left (Figure 2.5).
5. Push the ejectors toward the center of the module until they are flush with the front panel of the module. The
module will be fully seated in the backplane.
6. Tighten the two screws at either end of the module.
CAUTION: If one or more of the slots remains unused, make sure that a slot cover plate is still attached over
each unused slot for safe operation and proper system cooling.
Use the CESD grounding tap (provided by HP) before connecting Category 5 or better UTP copper
networking cables.
NOTE: If installing a module into a slot previously occupied by a different type of module, you must use the
CLI to configure the new module (with the CLI command, module <slot-num> <module-type>) and then use
the write memory command to save the configuration and the reload command to reset the Routing Switch.
Refer to “Swapping Modules” on page 2-33. If the slot has never contained a module or you are swapping in
exactly the same type of module, you do not need to enter these commands.
Removing Modules
To remove a module from the chassis, do the following:
1. Put on an ESD wrist strap and attach the copper tape to a metal surface (e.g. an equipment rack) to act as
ground.
WARNING:To avoid risk of shock, do not attach the copper tape to the air flow panel of the power supply.
5. Cover the slot with the blank face plate that shipped with the chassis.
CAUTION: If you remove a module and do not replace it, cover the slot opening with one of the blank plates
you received with the Routing Switch to provide additional safety and airflow for the system.
NOTE: Modules can be installed and removed when the unit is powered on (hot swap). There is no need to
power the system down. You do not need to change the slot’s configuration unless you plan to insert a
different type of module. Refer to “Swapping Modules” on page 2-33.
• If the mini-GBIC has a movable collar, push the collar in towards the front panel of the routing switch and
and then gently pull on the mini-GBIC to slide it out of the module.
5. Pull the mini-GBIC out of the module.
6. Store the mini-GBIC in a safe, static-free place.
Installation Notes
1000Base-SX Ports
The 1000Base-SX mini-GBIC ports operate in full-duplex mode and support multi-mode fiber cabling through LC
connectors. A 1000Base-SX mini-GBIC port must be connected to another 1000Base-SX port. Connection to a
1000Base-LX port or a 1000Base-LH port is not supported.
1000Base-LX Ports
The 1000Base-LX mini-GBIC ports operate in full-duplex mode and support both single-mode fiber (SMF) and
multi-mode fiber (MMF) cabling through LC connectors. A 1000Base-LX mini-GBIC port must be connected to
another 1000Base-LX port. Connection to a 1000Base-SX port or a 1000Base-LH port is not supported.
1000Base-LH Ports
The 1000Base-LH mini-GBIC ports operate in full-duplex mode and supports single-mode fiber (SMF) cabling
through LC connectors. A 1000Base-LH mini-GBIC port must be connected to another 1000Base-LH port.
Connection to a 1000Base-LX or 1000Base-SX mini-GBIC port is not supported.
WARNING: For safety reasons, the ESD wrist strap provided with your product contains a series limiting
resistor. If a replacement ESD strap is used, make certain that it contains a series limiting resistor with at least
1MOhm of resistance. Also, make certain the strap is not connected to any internal part of your ProCurve
chassis.
• The protective covering that you removed from the port connectors when you initially installed the XENPAK
optic
• The new XENPAK optic (if you are installing one)
• A small flathead screwdriver
4. Using the flathead screwdriver if necessary, loosen the two thumbscrews on the ends of the XENPAK optic.
5. Pull the XENPAK optic out of the port, and place it in an anti-static bag for storage if desired.
This command displays status information for the fans and the power supplies. The power supplies are numbered
in the display. The power supply numbers correspond to the following positions. These positions assume you are
facing the front of the chassis, not the rear.
CAUTION: Install the J4147A Power Supply only in the 9308M (J4138A) and 9304M (J4139A) Routing
Switch chassis. Install the J4875A Power Supply only in the 9315M (J4875A) Routing Switch. The J4147A
and J4875A Power Supplies are not interchangeable.
CAUTION: Power supplies are hot swappable but they should be disconnected from AC power before being
installed or removed. That is, the Routing Switch can be running while a power supply is being installed or
removed, but the power supply itself should not be connected to a power source. Otherwise, damage to the
power supply or the Routing Switch could result.
1. Use a screwdriver to remove the blank power supply face plate. This will expose the empty power supply
slot.
2. Remove the power supply from its packaging; or, if the power supply is connected to a power source, remove
the power cable.
3. Holding the bar on the front panel of the power supply, insert the power supply into the empty power supply
slot using the module guides provided on either side of the compartment.
CAUTION: Carefully follow the mechanical guides on each side of the power supply slot and make sure the
power supply is properly inserted in the guides. Never insert the power supply upside down.
4. Continue to slide the power supply towards the back of the chassis until the two metal rods and the connector
make contact with the back connector. Then push the power supply until the front panel of the power supply
is flush with the rest of the chassis.
5. Use a screwdriver to tighten the two screws on either side of the power supply.
6. Connect the power cord to the front of the power supply.
7. Connect the power plug into an outlet.
CAUTION: Power supplies are hot swappable but they should be disconnected from AC power before being
installed or removed. That is, the Routing Switch can be running while a power supply is being installed or
removed, but the power supply itself should not be connected to a power source. Otherwise, damage to the
power supply or the Routing Switch could result.
2 - 10 June 2005
Installation
June 2005 2 - 11
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
1
1
1
2
2
3
Activity
Activity
Activity
Activity
Activity
Activity
Link
Link
Link
Link
Link
Link
4
2
2
2
5
5
6
3
3
3
7
7
8
Activity
Activity
Activity
Activity
Activity
Activity
Link
Link
Link
Link
Link
Link
9
9
10
10
4
4
4
11
11
12
12
5
5
Activity
Activity
Activity
Activity
Activity
Activity
13
13
Link
Link
Link
Link
Link
Link
14
14
6
6
6
15
15
16
16
7
7
7
17
17
Activity
18
18
Activity
Activity
Activity
Activity
Activity
Link
Link
Link
Link
Link
Link
19
19
8
8
8
20
20
21
21
Pwr
22
22
23
23
24
24
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
NOTE: If your device has more than one power supply installed, repeat this procedure for each power supply.
1. Connect the power cord supplied with the device to the power connector found on the power supply on the
front of the device.
2 - 12 June 2005
Installation
NOTE: The devices do not have power switches. They are powered on when the power cord is connected
to the device and to a power source.
If your installation requires a different power cord than that supplied with the device, be sure to obtain a power
cord displaying the mark of the safety agency that defines the regulations for power cords in your country.
The mark is your assurance that the power cord can be used safely with the device.
3. Verify proper operation by observing the LEDs. Make sure the LED on each power supply is a solid green.
Also make sure that some of the port LEDs on each module momentarily light up. The LEDs indicate that the
device is performing diagnostics. After the diagnostics are complete, the LEDs will be dark except for the
ones that are attached by cables to other devices. If the links on these cables are good and the connected
device is powered on, the link LEDs will light.
NOTE: If all of the LEDs on a module do not light up during the diagnostics, this does not indicate an error.
Only some of the LEDs are lighted during the diagnostics.
For more details on specific LED conditions after system start-up, refer to the Quick Start Guide.
Attaching a PC or Terminal
To assign an IP address, you must have access to the Command Line Interface (CLI). The CLI is a text-based
interface that can be accessed through a direct serial connection to the device and through Telnet connections.
The CLI is described in detail in the Command Line Interface Reference for ProCurve 9300/9400 Series Routing
Switches.
You need to assign a permanent IP address using the CLI. You can access the CLI by attaching a serial cable to
the Console port. After you assign an IP address, you can access the system through Telnet or the Web
management interface.
NOTE: Use this procedure if you are unable to make the serial connection described above.
June 2005 2 - 13
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
CAUTION: Before connecting Category 5 or better UTP copper networking cables to a chassis module on the
9300 series, use the CESD grounding tap (shipped with the 9304M/9308M/9315M and with chassis modules
designed for UTP copper networking cables). See the Cable Grounding Instructions included with the CESD
grounding tap. If you did not receive a CESD grounding tap kit (HP part number 5064-9974) with the above HP
products, you can request one without charge from your HP Customer Care Center (CCC). To contact the CCC
for your area, see the support and warranty booklet (Support is as Close as the World Wide Web!) shipped with
your HP product. CCCs are also listed in the HP ProCurve Networking Service and Support Guide available at
http://www.procurve.com. (Click on Technical Support, then Support Services.)
1. Directly connect the LAN port on a Telnet-capable terminal device such as a laptop or desktop PC to port 1 in
slot 1.
2. Configure the terminal device with an IP address and subnet mask that assigns the terminal to the same
subnet as the Routing Switch's IP address for port 1, slot 1.
3. From the DOS prompt, enter telnet <ip-addr> to access the Routing Switch CLI, where <ip-addr> is the IP
address for the Routing Switch port.
When you establish the serial connection to the device, press Enter to display the CLI prompt for your Routing
Switch. For example:
HP9304>
HP9308>
HP9315>
NOTE: For simplicity, CLI examples for the routing switches generally show the command prompt "HP9300".
This command prompt represents either the 9300 series unless otherwise noted.
If you see one of these prompts, you are now connected to the system and can proceed to “Assigning a
Permanent Password” on page 2-15.
You can customize the prompt by changing the system name. See “Entering System Administration Information”
on page 6-3.
If you do not see one of these prompts:
1. Make sure the cable is securely connected to your PC and to the HP device.
2. Check the settings in your terminal emulation program. In addition to the session settings listed above, make
sure the terminal emulation session is running on the same serial port you attached to the HP device.
The EIA/TIA 232 serial communication port serves as a connection point for management by a PC or SNMP
workstation. ProCurve Routing Switches come with a standard male DB-9 connector, shown in
Figure 2.6.
2 - 14 June 2005
Installation
Most PC serial ports also require a cable with a female DB-9 connector. Terminal connections will vary, requiring
either a DB-9 or DB-25 connector, male or female. Serial cable options between a ProCurve Routing Switch and
a PC terminal are shown in Figure 2.7.
NOTE: As indicated in Figure 2.6 and Figure 2.7, some of the wires should not be connected. If you do connect
the wires that are labeled “Reserved”, you might get unexpected results with some terminals.
1 Reserved 1 1 Reserved 8
2 2 2 3
3 3 3 2
4 Reserved 4 4 Reserved 20
5 5 5 7
6 Reserved 6 6 Reserved 6
7 7 7 4
8 8 8 5
9 Reserved 9 9 Reserved 22
June 2005 2 - 15
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
switching and routing features. To access the CONFIG mode, you must already be logged into the Privileged
level of the EXEC mode.
By default, there are no CLI passwords. To secure CLI access, you must assign passwords.
NOTE: You must use the CLI to assign a password. You cannot assign a password using the Web management
interface or an SNMP network management application.
NOTE: You must set a super-user password before you can set other types of passwords.
NOTE: You can perform this procedure only from the CLI.
2 - 16 June 2005
Installation
CAUTION: Use Step 3 only for new systems. If you enter this command on a system you have already
configured, the command erases the configuration. If you accidentally do erase the configuration on a
configured system, enter the write memory command to save the running configuration to the startup-config
file.
3. For new systems only, enter the following command at the Privileged EXEC level prompt (for example,
ProCurveRS#), then press Enter. This command erases the factory test configuration if still present:
ProCurveRS# erase startup-config
4. Access the configuration level of the CLI by entering the following command:
ProCurveRS# configure terminal Privileged EXEC Level
ProCurveRS(config)# Global CONFIG Level
5. Set the IP and mask addresses.
ProCurveRS(config)# int e 1/5
ProCurveRS(config-if-1/5)# ip address 192.22.3.44 255.255.255.0
NOTE: You can use the syntax, ip address <ip-addr> /<mask-bits> if you know the subnet mask length. In
the above example, you could enter ip address 192.22.3.44/24.
June 2005 2 - 17
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
WARNING: The 9304M chassis exceeds 40 lbs. (18 kg), or 47.7 lbs.(21.6 kg) when fully populated with modules
and power supplies. Also, the 9308M chassis exceeds 55 lbs. (24.9 kg) or 69.1 lbs. (31.3 kg) when fully populated
with modules and power supplies. TWO OR MORE PEOPLE ARE REQUIRED WHEN LIFTING, HANDLING, OR
MOUNTING THESE ROUTING SWITCHES.
WARNING: The 9315M chassis exceeds 80 lbs (35 kg.) without modules and power supplies installed. To avoid
personal injury, reduce weight of chassis by removing all modules and power supplies from chassis prior to lifting
or moving. TWO OR MORE PEOPLE ARE REQUIRED WHEN LIFTING, HANDLING, OR MOUNTING THIS
ROUTING SWITCH.
WARNING: Do not lift the 15-slot chassis using the lifting handles unless the chassis is empty. TO REDUCE
WEIGHT, REMOVE THE POWER SUPPLIES AND INTERFACE MODULES BEFORE LIFTING THE CHASSIS.
WARNING: Do not use the extraction handles on the power supply units to lift or carry the Routing Switch. The
power supply extraction handles are not intended to support the weight of the system and must never be used to
lift or move the chassis.
WARNING: Make sure the rack or cabinet housing the Routing Switch is adequately secured to prevent it from
becoming unstable and/or falling over.
WARNING: To increase rack stability, mount the devices you install in a rack or cabinet as low as possible, with
the heaviest device at the bottom and progressively lighter devices installed above.
Desktop Installation
1. Set the device on a flat desktop, table, or shelf. Use a sturdy surface in an uncluttered area. You may want
to secure the networking cables and power cord to the table legs or other part of the surface structure to help
prevent people from tripping over them.
2. Make sure that adequate ventilation is provided for the system—a minimum of three inches (3") clearance is
recommended on all sides.
NOTE: Make sure the air flow is unrestricted around the front, sides, and back of the Routing Switch.
2 - 18 June 2005
Installation
1. Remove the rack mount kit from the shipping carton. There will be two L-shaped mounting brackets and
mounting screws.
2. Attach the mounting brackets to the sides of the routing switch as illustrated in Figure 2.8.
3. Attach the system in the rack as illustrated in Figure 2.8.
4. Proceed to “Connecting Power to the Device” on page 2-20.
June 2005 2 - 19
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
CAUTION:
• There is no separate on/off power switch for the device. The device is powered on when the power cord is
connected to a power supply and to a power source. To turn the system off, simply unplug the power cord(s).
• The power sockets should be installed near the device and should be easily accessible.
• If your installation requires a different power cord than the one supplied with the device, be sure to use a
power cord displaying the mark of the safety agency that defines the regulations for power cords in your
country. The mark is your assurance that the power cord can be used safely with the system.
• For additional warnings and cautions, refer to the “Installation Precautions” on page 2-3.
NOTE: When you power on a Routing Switch that requires multiple power supplies, make sure you apply power
to all the supplies (or at least the minimum number of supplies required for your configuration) at the same time.
Otherwise, the device either will not boot at all, or will boot and then repeatedly display a warning message stating
that you need to add more power supplies.
1. Ensure that all modules and power supplies are properly inserted, and that no module slots or power supply
slots are uncovered.
WARNING: Electrical shock hazard. Never allow any part of your body to be inside the chassis when the
device is connected to a power source or to the network.
CAUTION: Before connecting Category 5 or better UTP copper networking cables to a chassis module on the
9304M or 9308M, use the CESD grounding tap (shipped with the 9300 series and with chassis modules designed
for UTP copper networking cables). See the Cable Grounding Instructions included with the CESD grounding tap.
If you did not receive a CESD grounding tap kit (HP part number 5064-9974) with the above HP products, you can
request one without charge from your HP Customer Care Center (CCC). To contact the CCC for your area, see
the support and warranty booklet (Support is as Close as the World Wide Web!) shipped with your HP product.
CCCs are also listed in the HP ProCurve Networking Service and Support Guide available at http://www.hp.com/
go/hpprocurve. (Click on Technical Support, then Support Services.)
2 - 20 June 2005
Installation
Connectors
• 10/100BaseTX ports come with RJ45 jacks for standard unshielded twisted pair (UTP/Category 5) cable
connections.
• 100BaseFX ports come equipped with MT-RJ connectors.
• 1000BaseSX ports come equipped with SC connectors.
• 1000BaseLX ports come equipped with SC connectors.
• 1000BaseT ports come equipped with RJ-45 connectors.
Figure 2.9 Pin assignment and signalling for 10/100BaseTX and 1000BaseT ports
1 RD+ 1 RD+
2 RD- 2 RD-
8 1 3 TD+ 3 TD+
4 Not used 4 CMT
5 Not used 5 CMT
6 TD- 6 TD-
1 8 7 Not used 7 CMT
8 Not used 8 CMT
Cable Length
• 1000BaseT: Cable length should not exceed 100 meters.
• 100BaseTX: Cable length should not exceed 100 meters.
• 100BaseFX: Cable length should not exceed 2 kilometers.
• 1000BaseSX: Cable length should not exceed 550 meters when operating with multi-mode cabling.
• 1000BaseLX:
• Cable length of 2 – 440 meters is supported on 62.5 μm multi-mode fiber (MMF) cabling.
• Cable length of 2 – 550 meters is supported on 50 μm multi-mode fiber (MMF) cabling.
• Cable length of 2 – 5000 meters is supported on 9 μm single-mode fiber (SMF) cabling.
June 2005 2 - 21
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
a. The TIA 568 building wiring standard specifies 160/500 MHz/km MMF (Multi-mode
Fiber).
b. The international ISO/IEC 11801 building wiring standard specifies 200/500
MHz*km MMF.
c. The ANSI Fibre Channel specification specifies 500/500 MHz/km 50 micron MMF
and 500/500 MHz*km fiber has been proposed for addition to ISO/IEC 11801.
NOTE: Cable installation and network configuration will affect overall transmission capability. The numbers
provided above represent the accepted recommendations of the various standards. For network-specific
recommendations, consult your local HP reseller or system engineer.
1 1
2 2
3 3
1 8
unused 4 4 unused
unused 5 5 unused
6 6
unused 7 7 unused
unused 8 8 unused
2 - 22 June 2005
Installation
1 1
2 2
3 3
1 8
4 4
5 5
6 6
7 7
8 8
NOTE: The 802.3ab standard calls for automatic negotiation of the connection between two 1000BaseT ports.
Consequently, a crossover cable may not be required; a straight-through cable may work as well.
Pinging an IP Address
To verify that an HP device can reach another device through the network, enter a command such as the
following at any level of the CLI on the HP device:
ProCurveRS> ping 192.33.4.7
June 2005 2 - 23
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Syntax: ping <ip addr> | <hostname> [source <ip addr>] [count <num>] [timeout <msec>] [ttl <num>] [size
<byte>] [quiet] [numeric] [no-fragment] [verify] [data <1-to-4 byte hex>] [brief]
See the Command Line Interface Reference for ProCurve 9300/9400 Series Routing Switches for information
about its parameters.
NOTE: If you address the ping to the IP broadcast address, the device lists the first four responses to the ping.
Tracing a Route
To determine the path through which an HP device can reach another device, enter a command such as the
following at any level of the CLI on the HP device:
ProCurveRS> traceroute 192.33.4.7
Syntax: traceroute <host-ip-addr> [maxttl <value>] [minttl <value>] [numeric] [timeout <value>]
[source-ip <ip addr>]
The CLI displays trace route information for each hop as soon as the information is received. Traceroute requests
display all responses to a given TTL. In addition, if there are multiple equal-cost routes to the destination, the HP
device displays up to three responses by default. See the Command Line Interface Reference for ProCurve 9300/
9400 Series Routing Switches for information about the command syntax.
NOTE: By default, any user who can open a serial or Telnet connection to the HP device can access all these
CLI levels. To secure access, you can configure Enable passwords or local user accounts, and you can configure
the device to use a RADIUS or TACACS/TACACS+ server for authentication. See the Security Guide for
ProCurve 9300/9400 Series Routing Switches.
2 - 24 June 2005
Installation
On-Line Help
To display a list of available commands or command options, enter “?” or press Tab. If you have not entered part
of a command at the command prompt, all the commands supported at the current CLI level are listed. If you
enter part of a command, then enter “?” or press Tab, the CLI lists the options you can enter at this point in the
command string.
If you enter an invalid command followed by ?, a message appears indicating the command was unrecognized.
For example:
ProCurveRS(config)# rooter ip
Unrecognized command
Command Completion
The CLI supports command completion, so you do not need to enter the entire name of a command or option. As
long as you enter enough characters of the command or option name to avoid ambiguity with other commands or
options, the CLI understands what you are typing.
Scroll Control
By default, the CLI uses a page mode to paginate displays that are longer than the number of rows in your
terminal emulation window. For example, if you display a list of all the commands at the global CONFIG level but
your terminal emulation window does not have enough rows to display them all at once, the page mode stops the
display and lists your choices for continuing the display.
Here is an example:
aaa
all-client
appletalk
arp
boot
some lines omitted for brevity...
ipx
lock-address
logging
mac
--More--, next page: Space, next line: Return key, quit: Control-c
The software provides the following scrolling options:
• Press the Space bar to display the next page (one screen at time).
• Press the Return or Enter key to display the next line (one line at a time).
• Press CTRL + C to cancel the display.
Line Editing Commands
The CLI supports the following line editing commands. To enter a line-editing command, use the CTRL-key
combination for the command by pressing and holding the CTRL key, then pressing the letter associated with the
command.
June 2005 2 - 25
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Ctrl-K Deletes all characters from the cursor to the end of the command
line.
Ctrl-U; Ctrl-X Deletes all characters from the cursor to the beginning of the
command line.
Ctrl-Z Moves from any CONFIG level of the CLI to the Privileged EXEC
level; at the Privileged EXEC level, moves to the User EXEC
level.
For a complete list of CLI commands and syntax information for each command, see the Command Line Interface
Reference for ProCurve 9300/9400 Series Routing Switches.
Note that the regular expression specified as the search string is case sensitive. In the example above, a search
string of “Internet” would match the line containing the IP address, but a search string of “internet” would not.
2 - 26 June 2005
Installation
June 2005 2 - 27
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
2 - 28 June 2005
Installation
Character Operation
^ A caret (when not used within brackets) matches on the beginning of an input string.
For example, the following regular expression matches output that begins with “deg”:
^deg
June 2005 2 - 29
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Character Operation
[^1-5]
• - The hyphen separates the beginning and ending of a range of characters. A match
occurs if any of the characters within the range is present. See the example above.
| A vertical bar separates two alternative values or sets of values. The output can match
one or the other value.
For example, the following regular expression matches output that contains either “abc” or
“defg”:
abc|defg
If you want to filter for a special character instead of using the special character as described in the table above,
enter “\” (backslash) in front of the character. For example, to filter on output containing an asterisk, enter the
asterisk portion of the regular expression as “\*”.
ProCurveRS# show ip route bgp | include \*
2 - 30 June 2005
Installation
NOTE: If you are unable to connect with the Routing Switch through a Web browser due to a proxy problem, it
may be necessary to set your Web browser to direct Internet access instead of using a proxy. For information on
how to change a proxy setting, refer to the online help provided with your Web browser.
By default, you can use the user name “get” and the default read-only password “public” for read-only access.
However, for read-write access, you must enter “set” for the user name, and enter a read-write community string
that you have configured on the device for the password. There is no default read-write community string. You
must add one. See the Security Guide for ProCurve 9300/9400 Series Routing Switches.
As an alternative to using the SNMP community strings to log in, you can configure the device to secure Web
management access using local user accounts, a RADIUS authentication server, or a TACACS/TACACS+ server.
On the 9300 series, if you have configured a greeting banner (using the banner motd CLI command), a panel
with the greeting is displayed first. Click on the Login link to proceed to the Login dialog. Here is an example of
the greeting panel:
June 2005 2 - 31
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Front Panel
Front Panel
Menu Type
Frame
(Tree View
shown)
Page Menu
Bottom Frame
Menu Frame
NOTE: The tree view is available when you use the Web management interface with Netscape 4.0 or higher
or Internet Explorer 4.0 or higher browsers. If you use the Web management interface with an older browser,
the Web management interface displays the List view only, and the Web Management Preferences panel
does not include an option to display the tree view.
6. When you have finished, click the Apply button on the panel, then click the Refresh button on your browser to
activate the changes.
2 - 32 June 2005
Installation
7. To save the configuration, click the plus sign next to the Command folder, then click the Save to Flash link.
NOTE: The only changes that become permanent are the settings to the Menu Type and the Front Panel
Frame. Any other elements you enable or disable will go back to their default settings the next time you start
the Web management interface.
Swapping Modules
NOTE: The disable module and enable module commands are not applicable to management modules. You
do not need to disable a management module in software before removing it.
To disable a non-management module, enter a command such as the following at the Privileged EXEC level of
the CLI:
ProCurveRS# disable module 3
This command disables the module in slot 3.
Syntax: disable module <slot-num>
The <slot-num> parameter specifies the slot number.
• Slots in a 4-slot chassis are numbered 1 – 4, from top to bottom.
• Slots in an 8-slot chassis are numbered 1 – 8, from left to right.
• Slots in a 15-slot chassis are numbered 1 – 15, from left to right.
NOTE: If you remove the module without first disabling it, the routing switch re-initializes the other modules in the
chassis, causing a brief interruption in service after which normal operation resumes.
If you decide, after disabling a module, that you do not want to remove the module, re-enable the module using
the following command:
ProCurveRS# enable module 3
Syntax: enable module <slot-num>
NOTE: You do not need to enable a module after inserting it in the chassis. The module is automatically
enabled when you insert the module into a live chassis or when you power on the chassis.
NOTE: If you plan to replace a removed module with a different type of module, you must configure the slot for
the module. To configure a slot for a module, use the module command at the global CONFIG level of the CLI.
See “Installing the New Module” on page 2-33.
June 2005 2 - 33
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: If the slot has never contained a module or you are swapping in exactly the same type of module, you do
not need to use the module command. The slot requires configuration only if it has already been configured for
another type of module.
NOTE: Some module strings apply to more than one module. This is because the slot configuration does not
differ based on the physical layer. For example, a slot does not distinguish between an 8-port LX Fiber module
and 8-port SX Fiber module. However, the software does indicate the physical layer type when you display
module information. For example, the output of the show module command indicates the physical layer types of
each module.
2 - 34 June 2005
Installation
June 2005 2 - 35
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
2 - 36 June 2005
Installation
7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
Next Steps
Once the initial installation steps are completed, you can proceed with enabling routing protocols and configuring
specific features on the Routing Switches as described in “Configuring Basic Features” on page 6-1.
Configuration details for all routing protocols and advanced VLAN features can be found in the Advanced
Configuration and Management Guide for ProCurve 9300/9400 Series Routing Switches.
June 2005 2 - 37
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
2 - 38 June 2005
Chapter 3
Using Redundant Management Modules
This chapter describes the redundant management modules and how to configure and manage them. Redundant
management modules provide increased routing capacity and failover for 9300 series Routing Switches.
See the following sections for information:
• “Configuring the Redundant Management Parameters” on page 3-3
• “File Synchronization Between the Active and Standby Redundant Management Modules” on page 3-10
• “Switching Over to the Standby Redundant Management Module” on page 3-15
The redundant management modules are fully-functional CPU management modules for Routing Switches. You
can use one or two redundant management modules in these devices.
You can use one or two redundant management modules in a Routing Switch. Using two redundant management
modules adds fault protection against system outage. The two modules work together as active and standby
management modules. If the active module becomes unavailable, the standby module automatically takes over
system operation.
NOTE: This chapter does not describe management features that are specific to the T-Flow Redundant
Management Module, such as logging on to individual CPUs. See “Using the T-Flow Redundant Management
Module” on page 4-1.
Configuration Considerations
• The Management Modules 2 and 4 support redundancy.
• You can use one or two redundant management modules in a Routing Switch.
• You cannot use older management modules in the same Routing Switch with redundant management
modules.
Temperature Sensor
The redundant management modules contain a temperature sensor. You can use the CLI or Web management
interface to display the active redundant management module's temperature and to change the warning and
shutdown temperature levels. See “Using the Temperature Sensor” on page 6-47.
Switchover
When you power on or reload a Routing Switch that contains two redundant management modules, the active
redundant management module is selected based on the chassis slot previously specified by you or according to
the lower slot number.
After the active module is selected, the active module loads its boot and flash code (boot and system software)
and its system-config file and manages the system. The standby module also boots, using its own boot code but
using the active module's flash code and system-config file. The standby module monitors the heartbeat of the
active module. If the active module becomes unavailable, the standby module notices the absence of the
heartbeat and assumes management control of the system.
NOTE: By default, the system does not use the boot code on the active module to boot the standby module. If
you upgrade the boot code on the active module and the code contains a problem, you can still use the system by
running the older boot code that is on the standby module. You can configure the standby to synchronize with the
active module's boot code. See “File Synchronization Between the Active and Standby Redundant Management
Modules” on page 3-10.
The standby module's system-config file is updated whenever the system-config file on the active module is
updated. In addition, the running-config file on the standby module is updated at regular intervals to match the
active module's running-config data. Thus, when a switchover occurs, the standby module also can reinstate the
configuration data in the active module's running-config.
Following this switchover to the standby module, the standby module becomes the active module and continues to
manage the system. When the other redundant management module (the one that used to be the active module)
becomes available again or is replaced, that module becomes the standby module.
The active module also monitors the standby module. If the standby module becomes unavailable, the active
module tries to reboot the standby module. You can display the status of each module using the CLI or the Web
management interface, as described in “Determining Redundant Management Module Status” on page 3-7.
Management Sessions
You can establish management sessions only with the active redundant management module, not with the
standby redundant management module. During switchover, all the CLI, Web management interface, and SNMP
management application sessions open on the system are closed. To manage the system following a switchover,
you must open a new management session. Although the system's MAC addresses change following switchover,
the IP addresses do not. You can open new management sessions on the same IP addresses you were using
before the switchover if desired.
To establish a serial connection to the CLI, you must move the serial cable to the serial port on the active
redundant management module.
NOTE: The 15-slot chassis makes use of locally administered MAC addresses. If your site already uses locally
administered MAC addresses of the HP OUI, which is 00e052, there could be a MAC address conflict with one of
the ports on the HP device.
NOTE: The system must be running a version of software that supports the module you want to install.
NOTE: The slots in a 15-slot chassis are divided among 4 internal regions. Slots 1 – 4 belong to the same
region; slots 5 – 8 belong to the same region; slots 9 – 12 belong to the same region, and slots 13 – 15 belong to
the same region. If you are using redundant management modules, HP recommends that you place both
management modules in slots belonging to the same region. For example, if you place one management module
in slot 5, HP recommends that you place the other management module in slot 6, 7, or 8.
NOTE: The slots in a 15-slot chassis are divided among 4 internal regions. Slots 1 – 4 belong to the same
region; slots 5 – 8 belong to the same region; slots 9 – 12 belong to the same region, and slots 13 – 15 belong
to the same region. If you are using redundant management modules, HP recommends that you place both
management modules in slots belonging to the same region. For example, if you place one management
module in slot 5, HP recommends that you place the other management module in slot 6, 7, or 8.
5. Select the module type from the Module Type pulldown menu.
6. Click the Add button to save the change to the device’s running-config file.
7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
The configuration change is saved to the active redundant management module's startup-config file. (The
change is automatically sent to the standby module when the active module's system-config file is copied to
the standby module.)
NOTE: You also can access the dialog for saving configuration changes by clicking on Command in the tree
view, then clicking on Save to Flash.
NOTE:
• Slots in a 4-slot chassis are numbered 1 – 4, from top to bottom.
• Slots in an 8-slot chassis are numbered 1 – 8, from top to bottom.
• Slots in a 15-slot chassis are numbered 1 – 15, from left to right.
You can override the default and specify the active module.
NOTE: The change does not take effect until you reload the system. If you save the change to the active
module's system-config file before reloading, the change persists across system reloads. Otherwise, the change
affects only the next system reload.
NOTE: If you do not save the change to the startup-config file, the change affects only the next reload.
3. Select slot number for the active redundant management module from the Active Management Slot pulldown
menu. If you use the default value, Auto Select, the Routing Switch uses the redundant management module
in the lower slot number.
• Slots in a 4-slot chassis are numbered 1 – 4, from top to bottom.
NOTE: If you do not save the change to the startup-config file, the change affects only the next reload.
NOTE: The other options on this panel are described in later sections.
Status LED
If you are located near the device, you can determine which redundant management module is currently the active
module and which one is the standby by observing the upper green LED to the right of the serial management
port. If the upper green LED is lit, the module is currently the active redundant management module. If the LED
is dark, the module is the standby. The lower green LED indicates the power status. If the lower LED is dark, the
module is not receiving power. (A module without power will not function as the active or standby module.)
Software
You can display status information for the modules using either of the following methods.
NOTE:
• Slots in a 4-slot chassis are numbered 1 – 4, from top to bottom.
• Slots in an 8-slot chassis are numbered 1 – 8, from top to bottom.
• Slots in a 15-slot chassis are numbered 1 – 15, from left to right.
The Status column shows the module status. The redundant management modules can have one of the following
statuses:
• ACTIVE – The module is currently the active management module.
• STANDBY – The module is the standby management module.
• COMING UP – The module is coming up as the standby module. This status can be observed during
switchover.
The statuses above apply only to management modules. The following statuses apply only to host modules:
• FAILED – This status applies only to host modules, not to management modules. This status indicates that
the host module failed to come up.
• OK – This status applies only to host modules, not to management modules. This status indicates that the
module came up and is operating normally.
The Status column shows the module status. The redundant management modules can have one of the following
statuses:
• ACTIVE – The module is currently the active management module.
• STANDBY – The module is the standby management module.
The statuses above apply only to management modules. The following statuses apply only to host modules:
• FAILED – This status applies only to host modules, not to management modules. This status indicates that
the host module failed to come up.
• OK – This status applies only to host modules, not to management modules. This status indicates that the
module came up and is operating normally.
You can configure the standby redundant management module to synchronize with the active redundant
management module's boot code whenever the boot code on the active module is updated or the system
starts up.
• Flash code (system software) – The flash code is automatically synchronized between the redundant
management modules. When the system starts up, the active redundant management module sends its flash
code to the standby redundant management module to boot the module.
NOTE: The flash code on T-Flow TSP CPUs (non-management CPUs) is not automatically synchronized.
To synchronize the flash code on the TSP CPUs, use the vm copy tftp flash command, described in
“Immediately Synchronizing Software” on page 3-13. The flash code on the CPU is automatically
synchronized.
• System-config file – The system-config file is automatically copied from the active redundant management
module to the standby redundant management module when the system starts up. The file is also copied to
the standby module whenever you save changes to the file. If switchover occurs, the standby redundant
management module loads system parameters from the running-config data that was last received from the
active redundant management module. If the standby module did not receive running-config data from the
active module, the standby module uses configuration information in the system-config file copied from the
active module.
3 - 10 June 2005
Using Redundant Management Modules
• Running-config – The running-config is automatically copied from the active redundant management module
to the standby redundant management module at regular intervals. The default interval is 10 seconds. You
can change the interval to 4 – 20 seconds. If you set the interval to 0, the configuration data is not copied to
the standby redundant management module. As described above, if switchover occurs, the standby
redundant management module loads system parameters from the running-config that was last received from
the active redundant management module.
Figure 3.1 shows how the files are synchronized between the active redundant management module and the
standby redundant management module.
June 2005 3 - 11
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
When you synchronize software between the modules, the active module copies its software to the standby
module.
To display the current file synchronization settings, enter the following command:
ProCurveRS# sync-standby
NOTE: The values shown in this example are the default values.
Syntax: sync-standby
NOTE: The sync-standby command has optional parameters. If you enter one of the parameters, the CLI
synchronizes software between the modules. To display the synchronization settings instead of synchronizing
software, enter the command without parameters.
Sync code image Indicates whether the active module is configured to automatically
synchronize its flash code with the standby module. The value can be
one of the following:
• FALSE – The code is not automatically synchronized.
• TRUE – The code is automatically synchronized.
Sync config data Indicates whether the active module is configured to automatically
synchronize its startup-config file with the standby module. The value
can be one of the following:
• FALSE – The startup-config file is not automatically
synchronized.
• TRUE – The startup-config file is automatically synchronized.
Sync boot image Indicates whether the active module is configured to automatically
synchronize its boot code with the standby module. The value can be
one of the following:
• FALSE – The boot code is not automatically synchronized.
• TRUE – The boot code is automatically synchronized.
Running-config sync interval Indicates whether the active module is configured to automatically
synchronize its running-config with the standby module. The value
can be one of the following:
• FALSE – The running-config is not automatically synchronized.
• TRUE – The running-config is automatically synchronized.
3 - 12 June 2005
Using Redundant Management Modules
NOTE: The sync-standby code command does not synchronize the TSP CPUs (non-management CPUs) on
the T-Flow. To synchronize the TSP CPUs, use the following command:
This command upgrades the TSP CPU flash code on all TSP CPUs on both T-Flow modules in the chassis.
To immediately synchronize the running-config on the standby module with the running-config on the active
module, enter the following command at the Privileged EXEC level of the CLI:
ProCurveRS# sync-standby running-config
Syntax: sync-standby running-config
To immediately synchronize the startup-config file on the standby module with the startup-config file on the active
module, enter the following command at the Privileged EXEC level of the CLI:
ProCurveRS# sync-standby startup-config
Syntax: sync-standby startup-config
USING THE WEB MANAGEMENT INTERFACE
NOTE: This procedure applies only to synchronizing the boot code and the running-config. To immediately
synchronize the flash code or the startup-config file, use the CLI procedure above.
1. Log on to the device using a valid user name and password for read-write access. The System configuration
dialog is displayed.
June 2005 3 - 13
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
3. Click the button for the code or file you want to immediately synchronize:
• To synchronize the running-config, select the Synchronize Configuration Now button.
• To synchronize the boot flash code, select the Synchronize Boot Flash Now button.
As soon as you click the button, the Web management interface immediately performs the synchronization.
Automating Synchronization of Software
Automatic synchronization of the flash code, running-config, and system-config file is enabled by default.
Automatic synchronization of the boot code is disabled by default.
To change the automatic synchronization setting, use one of the following methods.
USING THE CLI
The CLI commands for automating synchronization of software between the active and standby modules is the
same as the syntax for immediately synchronizing the software. The only difference is the CLI level where you
enter the commands.
• To immediately synchronize software, enter the command at the Privileged EXEC level.
• To automate synchronization starting with the next software reload or system reset and each reload or reset
after that, enter the command at the Redundancy CONFIG level.
Automatic synchronization of the flash code, running-config, and system-config file is enabled by default.
Automatic synchronization of the boot code is disabled by default. To change the automatic synchronization
setting, use one of the following commands:
Syntax: [no] sync-standby boot
Syntax: [no] sync-standby code
Syntax: [no] sync-standby startup-config
Syntax: [no] sync-standby running-config [<num>]
To disable automatic synchronization of the boot code, flash code, or startup-config file, enter “no” in front of the
command.
The <num> parameter with the sync-standby running-config command specifies the synchronization interval.
You can specify from 4 – 20 seconds. The default is 10 seconds.
To disable automatic synchronization of the running-config, set the synchronization interval (the <num>
parameter) to 0.
3 - 14 June 2005
Using Redundant Management Modules
NOTE: This procedure applies only to synchronization of the boot code and running-config. To change
automatic synchronization of other software, use the CLI procedure above.
1. Log on to the device using a valid user name and password for read-write access. The System configuration
dialog is displayed.
2. Select the Redundant link to display the following panel.
3. To enable automatic synchronization of the boot code, select the checkbox next to Boot Flash.
4. To change the synchronization interval for the running-config, enter the new value in the Running
Configuration Interval field. To disable automatic synchronization of the running-config, enter 0 in the field.
5. Select the checkbox next to Boot Flash.
NOTE: Do not click the Synchronize Boot Flash Now button unless you want the active module to
immediately copy its boot flash image to the standby module.
6. Click the Apply button to send the configuration change to the active module’s running-config file.
7. If you want the change to remain in effect following the next system reload, select the Save link to save the
configuration change to the active redundant management module's startup-config file. (The change is
automatically sent to the standby module when the active module's system-config file is copied to the standby
module.)
June 2005 3 - 15
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Specify the slot number containing the currently active management module. Do not specify the slot number
containing the standby module to which you want to switch over.
The <slot-num> parameter specifies the chassis slot:
• Slots in a 4-slot chassis are numbered 1 – 4, from top to bottom.
• Slots in an 8-slot chassis are numbered 1 – 8, from left to right.
• Slots in a 15-slot chassis are numbered 1 – 15, from left to right.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration
dialog is displayed.
2. Select the Redundant link to display the following panel.
3. Select the Switch-over Active Module link. A message appears asking you to verify that you want to switch
over from the active module to the standby.
4. Select Yes to switch over or No to cancel the switchover request.
5. Click the Add button to save the change to the device’s running-config file.
6. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
3 - 16 June 2005
Chapter 4
Using the T-Flow Redundant Management Module
The T-Flow Redundant Management Module version 1 (T-Flow) is a redundant management module for 9300
series Routing Switches. The T-Flow supports all of the features supported by Management 2 and 4 modules, but
enhances feature performance using new hardware architecture.
NOTE: This chapter does not describe how to configure redundancy parameters. See “Using Redundant
Management Modules” on page 3-1.
Overview
The T-Flow provides enhanced performance using distributed processing among multiple CPUs. The multiple
CPUs enable the T-Flow to perform the following in hardware:
• Process Access Control Lists (ACLs)
• Perform Policy-Based Routing (PBRs)
• Perform Network Address Translation (NAT)
• Collect statistics and export them for NetFlow-based accounting and billing
Figure 4.1 shows the T-Flow.
TSP CPU
LEDs MP LEDs Serial port
Active Console
Pwr
The T-Flow does not have network interfaces but does have a serial management interface. In addition, the
module has status LEDs for its Management Processor (MP) and T-Flow Switching Processor (TSPs), described
in “Management and Co-Processing CPUs” on page 4-1 and “Status LEDs” on page 4-13.
• Three T-Flow Switching Processor (TSPs) – The TSPs perform Layer 2 and Layer 3 switching for the
forwarding modules.
The MP and the TSP have their own flash memory with primary and secondary areas.
Figure 4.2 illustrates the architecture of the T-Flow.
Feature Coexistence
The T-Flow architecture allows all the following features to be configured and active on a given port at the same
time.
• Input ACLs
• Input rate limiting
• NetFlow Export
• sFlow Export
• Network Address Translation (NAT)
• Policy-Based Routing (PBR)
• Output ACLs
• Output rate limiting
When two or more of these features are applicable for a packet, the T-Flow processes the features in the order
listed above.
Temperature Sensor
The T-Flow also contains a temperature sensor. The sensor generates a Syslog message and SNMP trap if the
module’s temperature exceeds a specified warning level or shutdown level. You can use the CLI or Web
management interface to display the management module's temperature and to change the warning and
shutdown temperature levels. See “Using the Temperature Sensor” on page 6-47.
Management Redundancy
The T-Flow supports management redundancy. You can install a second T-Flow to act as a backup and take over
management of the Routing Switch if the active T-Flow becomes unavailable.
Management redundancy is described in “Using Redundant Management Modules” on page 3-1. Management
redundancy using a pair of T-Flow modules works as described in the chapter, with the following important
differences:
• The TSP CPUs on both modules actively process traffic. Only the MP CPU on the standby module is in
backup mode. The TSP CPUs on the standby module actively process traffic.
• The TSP CPU flash code is not automatically synchronized. To synchronize the flash code on the TSP CPUs,
use the vm copy tftp flash command, described in “File Synchronization Between the Active and Standby
Redundant Management Modules” on page 3-10. The flash code on the CPU is automatically synchronized.
• If you use a pair of T-Flow management modules in a chassis for redundancy, the device does not reassign
the forwarding modules assigned to the TSP CPUs on the active module to the other module following a hot
swap. See the next section.
Management Redundancy and Hot Swap
If you use a pair of T-Flow management modules in a chassis for redundancy, the device does not reassign the
forwarding modules assigned to the TSP CPUs on the active module to the other module following a hot swap.
This is true in the following cases:
• If you insert a standby T-Flow into an active device, the device does not replicate the assignments of the
forwarding modules to the TSP CPUs on the standby module. To work around this issue, use the vm-map
command to assign the forwarding modules to the TSP CPUs on the standby module after you insert the
module.
• If you remove a standby T-Flow module that has taken over forwarding on an active device, the forwarding
modules assigned to the TSP CPUs on the standby module are not reassigned to the TSP CPUs on the
default active module. To avoid traffic interruption, use the vm-map command to assign the forwarding
modules to the TSP CPUs on the default active T-Flow module before removing the standby module.
To list the TSP CPU assignments, enter the following command: show vm-map
To assign forwarding modules to TSP CPUs, enter the following command:
vm vm-map <from-slotnum> vm-slot <to-slotnum> vm-cpu <cpunum>
The <from-slotnum> parameter specifies the slot that contains the forwarding module.
The <to-slotnum> parameter specifies the slot that contains the T-Flow.
The <cpunum> parameter specifies the VSM CPU on <to-slotnum> that will perform the processing. The VSM
CPUs are numbered from 1 – 3.
Total Mbps
Module type Weight
capacity
The device assigns the forwarding modules to TSPs in numerical order (always starting with TSP 1) and beginning
with the module with the highest weight and working down to the module with the lowest weight.
The device assigns a forwarding module’s ports to only one TSP. A single module’s ports are never distributed
across multiple TSPs.
The allocations determine the TSP that will process traffic received on a forwarding module’s ports. For example,
if an 8-port Gigabit module in slot 3 is allocated to TSP 1, then that CPU processes all the traffic received on the
module’s ports.
NOTE: If you hot-swap a module into or out of the chassis after the allocations have taken place at startup, the
device does not re-allocate modules to even out the load sharing. Instead, the device allocates the module you
insert to the TSP that currently has the least weight allocated to it. If you remove a module, the device subtracts
the module’s weight from the TSP to which the module was allocated.
Here are some examples of load sharing allocations for various configurations. Notice that for a four-slot chassis,
each forwarding module is allocated to its own TSP. The module’s weights determine the TSPs to which they are
allocated. For a chassis with more than four slots, some TSPs are allocated more than one module. Nonetheless,
the allocations are based on the forwarding modules’ weights and provide the most even distribution possible.
Example Configuration 1
Table 4.2 shows a module configuration and the resulting TSP allocations for a four-slot chassis. Notice that
since the T-Flow does not have any forwarding ports, the module does not need to be allocated to a TSP.
Order TSP
Slot Module type Weight
allocated
MP = Management Processor
The device begins with the highest-weight module, in this case the 8-port Gigabit module in slot 3, and allocates
that module’s ports to TSP 1. The device then allocates the module with the second-highest weight, in this case
the 24-port 10/100 module in slot 2, to the next TSP with the lowest allocated weight, which is TSP 2. Finally, the
device allocates the last forwarding module, the 24-port 10/100 module in slot 4, to the next TSP with the lowest
allocated weight, TSP 3.
Example Configuration 2
Order
Slot Module type Weight TSP
allocated
MP = Management Processor
TSPTSPTSPTSPTSPAs in the previous example, the device starts with the first sequential highest-weight
module, in this case the 8-port Gigabit module in slot 3, and allocates that module to 1. As shown in this example,
the resulting distribution is fairly even among the three CPUs.
Displaying the Slot Allocations for the TSPs
To display the allocations, enter the show vm-map command. See “Determining the Slot Allocations for the
TSPs” on page 4-14.
Changing Slot Allocations
The default allocations are applicable to almost all configurations. However, you can remap a module to another
TSP CPU. To do so, enter a command such as the following at the global CONFIG level of the CLI:
ProCurveRS(config)# vm vm-map slot 3 vm-slot 2 vm-cpu 1
This command remaps processing for the modules in slot 3 to TSP CPU 1 on the T-Flow in slot 2.
Syntax: vm vm-map <from-slotnum> vm-slot <to-slotnum> vm-cpu <cpunum>
The <from-slotnum> parameter specifies the slot that contains the forwarding module.
The <to-slotnum> parameter specifies the slot that contains the T-Flow.
The <cpunum> parameter specifies the VSM CPU on <to-slotnum> that will perform the processing. The VSM
CPUs are numbered from 1 – 3.
4TSPTSP Load Sharing on a Per-DMA Basis
Starting in release 07.6.04, the T-Flow supports TSP load sharing on a per-DMA basis. You can configure the T-
Flow to use either per-module or per-DMA TSP load sharing, and you can statically assign ports or slots to
individual TSPs.
In releases prior to 07.6.04, the T-Flow module distributes the load to the TSPs on a per-module basis. When the
HP device is powered on or reset, the T-Flow assigns each of the forwarding modules to a TSP.
In release 07.6.04, the T-Flow can distribute the load to the TSPs on a per-DMA basis. DMAs are packet
processors that control ports on Ethernet modules. Ethernet modules have multiple DMAs, each controlling a set
of ports on the module. For example, a Standard (non-EP) 8-port Gigabit Ethernet module has four DMAs, each
controlling two ports. The following diagram illustrates the relationship between ports and DMAs on a Standard 8-
port Gigabit Ethernet module.
Figure 4.5 DMAs and ports on a Standard 8-port Gigabit Ethernet module
Switch Fabric
On a Standard 8-port Gigabit Ethernet module, separate DMAs control ports 1 – 2, 3 – 4, 5 – 6, and 7 – 8. When
per-DMA TSP load sharing is enabled, the T-Flow assigns forwarding responsibility for each DMA’s ports to a TSP
so that the forwarding load is balanced among the TSPs. This means that a single module’s ports can be
distributed across multiple TSPs. In previous releases, the T-Flow assigned all of a module’s ports to only one
TSP.
NOTE: In release 07.6.04, per-DMA TSP load sharing is supported only for Standard 8-port Gigabit Ethernet
modules. Modules that do not support per-DMA TSP load sharing will have all of their ports assigned to a single
TSP, even if per-DMA TSP load sharing is enabled on the device.
NOTE: You can enter configuration commands only to the MP, not directly to a TSP.
The CLI provides a remote login facility for changing the management session to a TSP. When you log in to a
TSP, the CLI management session changes from the MP to the TSP. At this point, commands apply only to the
TSP. To enter commands to the MP, you must log out of the TSP. The CLI prompt changes to indicate the
chassis slot number and TSP you are logged on to.
Logging In to a TSP
To log in to a TSP, enter a command such as the following at the Privileged EXEC level of the CLI:
ProCurveRS# rconsole 2 1
ProCurveRS2/1 #
This command changes the management session from the MP to TSP 1 on the T-Flow in slot 2. Notice that the
end of the command prompt changes to indicate the slot number and TSP number.
Syntax: rconsole <slotnum> <cpunum>
The <slotnum> parameter specifies the chassis slot that contains the module.
• Slots in a four-slot chassis are numbered 1 – 4, from top to bottom.
• Slots in an eight-slot chassis are numbered 1 – 8, from left to right.
• Slots in a fifteen-slot chassis are numbered 1 – 15, from left to right.
The <cpunum> parameter specifies the TSP. The TSPs are numbered from 1 – 3.
NOTE: You must enter the entire command name (rconsole-exit). The CLI will not accept abbreviated forms of
the command.
TSP Commands
The following commands are supported at the TSP command prompt:
• rconsole-exit – Logs out of the TSP.
• show ? – Displays the available show commands. The following show commands are available:
• show arp – Displays the ARP table.
• show filter – Displays configured filters.
• show ip access-lists – Shows the configured ACLs.
• show ip cache – Shows the IP cache.
• show ip nat – Shows NAT information.
• show ip route – Shows the IP route table.
4 - 10 June 2005
Using the T-Flow Redundant Management Module
June 2005 4 - 11
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
HP9308#show vm-state
==================================================
T-FLOW MODULE (1) App CPU 0 MB SHM, 3 Application Processors
CPU 1 in state of T-FLOW_STATE_RUNNING
CPU 2 in state of T-FLOW_STATE_RUNNING
CPU 3 in state of T-FLOW_STATE_RUNNING
---------------
Module 1 App CPU 1, SW: Version 07.6.04T72
Compiled on Jun 27 2003 at 21:20:01 labeled as TSP07604
DRAM 268M, BRAM 262K, FPGA Version 0050
Code Flash 4M: Primary (1676166 bytes, 07.6.04T72),
Secondary (1217531 bytes, 07.3.03aT72)
Boot Flash 131K, Boot Version 07.01.00
The system uptime is 0 day 0 hour 12 minute 21 second
General Status: 0 ipc msg rec, 2 ipc msg sent
---------------
Module 1 App CPU 2, SW: Version 07.6.04T72
Compiled on Jun 27 2003 at 21:20:01 labeled as TSP07604
DRAM 268M, BRAM 262K, FPGA Version 0050
Code Flash 4M: Primary (1676166 bytes, 07.6.04T72),
Secondary (1217531 bytes, 07.3.03aT72)
Boot Flash 131K, Boot Version 07.01.00
The system uptime is 0 day 0 hour 12 minute 21 second
General Status: 0 ipc msg rec, 2 ipc msg sent
---------------
Module 1 App CPU 3, SW: Version 07.6.04T72
Compiled on Jun 27 2003 at 21:20:01 labeled as TSP07604
DRAM 268M, BRAM 262K, FPGA Version 0050
Code Flash 4M: Primary (1676166 bytes, 07.6.04T72),
Secondary (1217531 bytes, 07.3.03aT72)
Boot Flash 131K, Boot Version 07.01.00
The system uptime is 0 day 0 hour 12 minute 21 second
General Status: 0 ipc msg rec, 2 ipc msg sent
4 - 12 June 2005
Using the T-Flow Redundant Management Module
Status LEDs
You can determine the status of a T-Flow processor by observing its LEDs. The processors have the following
LEDs. Each TSP has its own column of TxAct and RxAct LEDs. The left column shows activity for TSP 1, the
middle column shows activity for TSP 2, and the right column shows activity for TSP 3.
Software
You can display status information for a T-Flow using either of the following methods.
NOTE:
• Slots in a four-slot chassis are numbered 1 – 4, from top to bottom.
• Slots in an eight-slot chassis are numbered 1 – 8, from left to right.
• Slots in a fifteen-slot chassis are numbered 1 – 15, from left to right.
June 2005 4 - 13
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• STANDBY – The module is the standby management module. (This applies only to management modules
that support redundancy.)
• COMING UP – The module is coming up as the standby module. This status can be observed during
switchover.
• FAILED – This status indicates that the host module failed to come up.
• OK – This status indicates that the module came up and is operating normally.
NOTE: The ACTIVE, STANDBY, and COMING UP status values apply only to management modules.
NOTE: The ACTIVE, STANDBY, and COMING UP status values apply only to management modules.
4 - 14 June 2005
Using the T-Flow Redundant Management Module
• The total weight assigned to the TSP (“weight 24“ in the first row of this example).
NOTE: If the ports on a module are not up, the output says "will be processed" instead of "is processed" and
the weight is listed as "0". In this case, the T-Flow reserves a TSP for the module but does not add weight for
the module’s ports to the reserved TSP.
NOTE: For reference, this example matches “Example Configuration 1” on page 4-4.
When per-DMA TSP load sharing is enabled on the device, the show vm-map command displays static TSP
assignments. For example:
Static configuration:
slot 1 (weight 80 x 100M):
e 1/1-1/2 is processed by TSP processor 4/3
e 1/3-1/4 is processed by TSP processor 4/1
In the example above, per-DMA TSP load sharing has been enabled on the device. The module in slot 1
supports per-DMA TSP load sharing, but the module in slot 2 does not. The T-Flow is located in slot 4.
On the module in slot 1, the DMAs controlling ports 1 – 2 and 3 – 4 have been statically assigned to TSPs. The
DMAs controlling the other ports on the module have been dynamically assigned to TSPs based on the weight of
the DMAs.
All of the ports on the module in slot 2 are assigned to TSP 4/1. Since the module does not support per-DMA TSP
load sharing, all of its ports are assigned to a single TSP.
June 2005 4 - 15
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
4 - 16 June 2005
Chapter 5
Using the 2-Port 10-Gigabit Ethernet Module
NOTE: For information on installing or removing either a 10-Gigabit Ethernet module or the XENPAK optics used
with the J8174A 2-port 10-Gigabit Ethernet module, refer to any of the following:
• Chapter 2, “Installation” on page 2-1
• Quick Start Guide for ProCurve 9300 Series Routing Switches (included with 9300M series chassis models).
• Removing and Installing XENPAK Optics, an instruction sheet included in the Documentation CD shipped
with HP ProCurve Series 9300 modules
HP periodically updates the Routing Switch 9300M series documentation. You can download the latest version of
the documentation for your Routing Switch by visiting the HP Procurve website at:
http://www.procurve.com
Click on technical support, then product manuals.
This chapter describes the HP 2-port 10-Gigabit Ethernet modules. It contains the following topics:
• “1-Port 10 Gigabit Ethernet Module (Discontinued)” below
• “2-Port 10-Gigabit Ethernet Modules with XENPAK Optics” on page 5-2
• “Cleaning the Fiber Optic Connectors” on page 5-3
• “Cabling 10 Gigabit Ethernet Modules” on page 5-3
• “Port LEDs” on page 5-4
• “Troubleshooting Network Connections” on page 5-4
• “Upgrading an FPGA on a 10 Gigabit Ethernet Module” on page 5-8
Link 1
Activity
This module provides one 10 Gigabit interface. The interfaces operate at full duplex. For the serial port types
listed above, use the matching fiber type with an SC connector. For example, if you are using the 1310nm serial
module for single-mode fiber, attach a 1310nm single-mode fiber cable that has an SC connector.
HP 10 Gigabit Ethernet modules are compliant with the IEEE 802.3ae 10-Gigabit Ethernet standard.
System Requirements
The 1-port 10 Gigabit Ethernet modules are supported in the following products:
• 9304M, 9308M, and 9315M
• All M2 and M4 management modules, including the J4885A EP mini-GBIC management module. (M1
management modules do not support the 1-port 10 Gigabit module.)
NOTE: The non-XENPAK 10 Gigabit Ethernet module can function in the same chassis with HP’s XENPAK-
based 2-Port 10-Gigabit Ethernet modules.
TX RX TX RX
Link Link E
G rt
Activity Activity 10 po
1 2 2-
The 10 Gigabit Ethernet interfaces operate at full duplex. The module uses GBIC-like XENPAK Multisource
Agreement (MSA) optics. The XENPAK optics are hot-swappable, allowing you to change the optics without
removing the module from the chassis.
System Requirements
The XENPAK-based J8174A 2-port 10 Gigabit Ethernet module is supported in the 9304M, 9308M, and 9315M.
NOTE: The XENPAK-based 10 Gigabit Ethernet modules can function in the same chassis with the non-
XENPAK-based 1-port 10 Gigabit Ethernet modules.
2. Before attaching cables to the module, HP strongly recommends cleaning the cable connectors and the port
connectors. For more information, see “Cleaning the Fiber Optic Connectors”.
3. Gently insert the two cable connectors (a tab on each connector should face upward) into the port connectors
until the tabs lock into place.
4. Observe the link and active LEDs to determine if the network connections are functioning properly. For more
information about the LED indicators, see Table 5.1.
Port LEDs
The LEDs listed in Table 5.1 provide status information for 10 Gigabit Ethernet ports. All types of HP 10 Gigabit
Ethernet modules use the same port LEDs.
Link Off A link is not established with the remote port. You can do the
following:
• Verify that the connection to the other network device has been
properly made. Also, make certain that the other network device
is powered on and operating correctly.
• Verify that the transmit port on the HP device is connected to
the receive port on the other network device, and that the
receive port on the HP device is connected to the transmit port
on the other network device. If you are not certain, remove the
two cable connectors from the port connector and reinsert them
in the port connector, reversing their order.
• Dust may have accumulated in the cable connector or port
connector. For information about cleaning the connectors, see
“Cleaning the Fiber Optic Connectors” on page 5-3.
• If the other actions don’t resolve the problem, try using a
different port or a different cable.
Activity Off for an The port is not transmitting or receiving user packets. You can do the
extended following:
period.
• Check the Link LED to make sure the link is still established with
the remote port. If not, take the actions described in the
Meaning/Action column for the Link LED.
• Verify that the port has not been disabled through a
configuration change. You can use the CLI to do this. If you have
configured an IP address on the device, you also can use the
Web management interface .
Link Fault Signalling (LFS) is a physical layer protocol that enables communication on a link between two 10
Gigabit Ethernet devices. When configured on an HP 10 Gigabit Ethernet port, the port can detect and report
fault conditions on transmit and receive ports.
HP’s 10 Gigabit Ethernet devices include the following:
• First generation device:
• 1-port 10 Gigabit Ethernet Module
• Second generation devices:
• 2-port 10 Gigabit Ethernet Module with XENPAK optics
HP introduced LFS in software release 07.6.02, thereby enabling HP’s 10 Gigabit Ethernet devices to
communicate critical link status information.
In release 07.6.03, HP’s implementation of LFS became compliant with the IEEE standard, however, you could
enable it only between two First generation 10 Gigabit Ethernet devices, or between two Second generation 10
Gigabit Ethernet devices. LFS support was not available between First generation and Second generation 10
Gigabit Ethernet devices.
In software release 07.6.04 and later, HP’s software supports LFS among all 10 Gigabit Ethernet devices,
including LFS support between First and Second generation devices.
When you enable this feature, the transmit port notifies the remote port whenever the fiber cable is either
physically disconnected or has failed. When this occurs and the feature is enabled, the device disables the link
and turns OFF both LEDs associated with the ports.
By default, Remote Fault Notification (RFN) is disabled. In this case, if the transmit port becomes physically
disabled or fails, the link still appears as though it is enabled and the LEDs for both ports remain ON.
Configuration Notes
• RFN is supported in software releases 07.6.05 and later.
• This feature is only available for Gigabit Ethernet Fiber ports. It is not available for 10/100 ports and Gigabit
Ethernet Copper ports.
To disable RFN after enabling it, use the no parameter with the command.
NOTE: If an upgrade is required for any of the FPGA files, you must upgrade all the FPGA files.
1. Complete the upgrades of the boot code and flash code, if required.
2. Enter commands such as the following at the Privileged EXEC level of the CLI for the J4891A 1-port 10-
Gigabit module:
ProCurveRS# 10gig copy tftp flash 10.10.10.10 rxbmgr.bin
ProCurveRS# 10gig copy tftp flash 10.10.10.10 rxpp.bin
ProCurveRS# 10gig copy tftp flash 10.10.10.10 txaccum.bin
ProCurveRS# 10gig copy tftp flash 10.10.10.10 txpp.bin
ProCurveRS# 10gig copy tftp flash 10.10.10.10 ageram.bin
For the J8174A 2-port 10-Gigabit module, enter:
ProCurveRS# 10gig copy tftp flash 10.10.10.10 xpp.bin
ProCurveRS# 10gig copy tftp flash 10.10.10.10 xtm.bin
Syntax: 10gig copy tftp flash <ip-addr> <filename> [module <slotnum>]
where:
• tftp – The tftp parameter indicates that the file is on a TFTP server.
• <ip-addr> – specifies the IP address of the TFTP server, if you specify tftp.
• <filename> – specifies the FPGA file name.
NOTE: You can store and copy the FPGA files using any valid filename; however, HP recommends that you
use the file names listed in the “Software Image Files” section of the release notes. The device uses
information within the files to install them in the correct FPGAs. The show flash command lists the FPGAs.
For an example of the show flash output, see “Displaying the Installed FPGA Revisions” on page 5-9.
• module <slotnum> – optionally, specifies the modules on which you want to install the upgrade. If you do
not specify a slot number, the command upgrades the FPGA on all 10 Gigabit Ethernet modules in the
chassis.
3. Reload the software by entering one of the following commands:
• reload (this command boots from the default boot source, which is the primary flash area by default)
• boot system flash primary | secondary
NOTE: The show flash command will list the new FPGA code versions but the new versions do not take
effect until you reload the software.
5 - 10 June 2005
Chapter 6
Configuring Basic Features
This chapter describes how to configure basic, non-protocol features on HP devices using the CLI and Web
management interface.
This chapter contains procedures for configuring the following parameters:
• Basic system parameters – see “Configuring Basic System Parameters” on page 6-3
• Basic port parameters – see “Configuring Basic Port Parameters” on page 6-20
• Basic Layer 2 parameters – see “Configuring Basic Layer 2 Parameters” on page 6-27
• Basic Layer 3 parameters – see “Enabling or Disabling Routing Protocols” on page 6-42
• System defaults and table sizes – see “Displaying and Modifying System Parameter Default Settings” on
page 6-43
• Temperature sensor parameters – see “Using the Temperature Sensor” on page 6-47
• Mirror ports (for traffic diagnosis and troubleshooting) – see “Assigning a Mirror Port and Monitor Ports” on
page 6-50
HP devices are configured at the factory with default parameters that allow you to begin using the basic features
of the system immediately. However, many of the advanced features such as VLANs or routing protocols for the
Routing Switch must first be enabled at the system (global) level before they can be configured.
• If you use the Command Line Interface (CLI) to configure system parameters, you can find these system level
parameters at the Global CONFIG level of the CLI.
• If you use the Web management interface, you enable or disable system level parameters on the System
configuration panel, which is displayed by default when you start a management session. Figure 6.1 shows
an example of the System configuration panel on an 9300 series Routing Switch.
NOTE: Before assigning or modifying any Routing Switch parameters, you must assign the IP subnet
(interface) addresses for each port.
NOTE: This chapter does not describe how to configure Virtual LANs (VLANs) or link aggregation. For VLAN
configuration information, see “Configuring Virtual LANs (VLANs)” on page 11-1. For link aggregation information,
see “Configuring Trunk Groups and Dynamic Link Aggregation” on page 7-1.
NOTE: For information about configuring IP addresses, DNS resolver, DHCP assist, and other IP-related
parameters, see the “Configuring IP” chapter of the Advanced Configuration and Management Guide for ProCurve
9300/9400 Series Routing Switches.
For information about the Syslog buffer and messages, see “Using Syslog” on page A-1.
You can perform the following configuration tasks from the System configuration panel:
• Enter system administration information.
• Assign IP subnet (interface) addresses and masks.
• Configure Domain Name Server (DNS) Resolver.
• Define a MAC address filter.
• Set the system clock.
• Configure the device to use a Simple Network Time Protocol (SNTP) server.
• Enable port-based and/or Layer 3 protocol VLANs.
• Enable or disable protocol—OSPF, RIP, IPX, DVMRP, PIM, VRRP, BGP4, AppleTalk.
• Enable or disable Spanning Tree Protocol.
• Enable or disable SNMP operation and configure SNMP community strings, trap receivers, and other
parameters.
• Enable or disable IEEE 802.1q VLAN tagging.
• Enable or disable Telnet.
• Change the aging period (switch age time) for entries in the address table.
• Assign a mirror port.
NOTE: For information about the Syslog buffer and messages, see “Using Syslog” on page A-1.
NOTE: The chassis name command does not change the CLI prompt. Instead, the command assigns an
administrative ID to the device.
3. Edit the value in the Name field to change the device name. The name can contain blanks.
4. Enter the name of the administrator for the device in the Contact field. The name can contain blanks.
5. Enter the device’s location in the Location field. The location can contain blanks.
6. Click the Apply button to save the change to the device’s running-config file.
7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
NOTE: You also can access the dialog for saving configuration changes by clicking on the plus sign next to
Command in the tree view, then clicking on Save to Flash.
NOTE: To add and modify “get” (read-only) and “set” (read-write) community strings, see the Security Guide for
ProCurve 9300/9400 Series Routing Switches.
3. Click the Trap Receiver link to display the Trap Receiver panel.
4. Click Add Trap Receiver link to add a new trap receiver and display the following panel.
virtual routing interface that is the source for the traps. The HP device then uses the lowest-numbered IP address
configured on the port or interface as the source IP address in the SNMP traps sent by the device.
Identifying a single source IP address for SNMP traps provides the following benefits:
• If your trap receiver is configured to accept traps only from specific links or IP addresses, you can use this
feature to simplify configuration of the trap receiver by configuring the HP device to always send the traps
from the same link or source address.
• If you specify a loopback interface as the single source for SNMP traps, SNMP trap receivers can receive
traps regardless of the states of individual links. Thus, if a link to the trap receiver becomes unavailable but
the receiver can be reached through another link, the receiver still receives the trap, and the trap still has the
source IP address of the loopback interface.
To specify a port, loopback interface, or virtual routing interface whose lowest-numbered IP address the HP device
must use as the source for all SNMP traps sent by the device, use the following CLI method.
USING THE CLI
To configure the device to send all SNMP traps from the first configured IP address on port 4/11, enter the
following commands:
ProCurveRS(config)# snmp-server trap-source ethernet 4/11
ProCurveRS(config)# write memory
Syntax: snmp-server trap-source loopback <num> | ethernet <portnum> | ve <num>
The <num> parameter is a loopback interface or virtual routing interface number. If you specify an Ethernet port,
the <portnum> is the port’s number.
To specify a loopback interface as the device’s SNMP trap source, enter commands such as the following:
ProCurveRS(config)# int loopback 1
ProCurveRS(config-lbif-1)# ip address 10.0.0.1/24
ProCurveRS(config-lbif-1)# exit
ProCurveRS(config)# snmp-server trap-source loopback 1
The commands in this example configure loopback interface 1, assign IP address 10.00.1/24 to the loopback
interface, then designate the interface as the SNMP trap source for this Routing Switch. Regardless of the port
the HP device uses to send traps to the receiver, the traps always arrive from the same source IP address.
USING THE WEB MANAGEMENT INTERFACE
You cannot configure a trap source using the Web management interface.
Setting the SNMP Trap Holddown Time
When an HP device starts up, the software waits for Layer 2 convergence (STP) and Layer 3 convergence (OSPF)
before beginning to send SNMP traps to external SNMP servers. Until convergence occurs, the device might not
be able to reach the servers, in which case the messages are lost.
By default, an HP device uses a one-minute holddown time to wait for the convergence to occur before starting to
send SNMP traps. After the holddown time expires, the device sends the traps, including traps such as “cold start”
or “warm start” that occur before the holddown time expires.
You can change the holddown time to a value from one second to ten minutes.
USING THE CLI
To change the holddown time for SNMP traps, enter a command such as the following at the global CONFIG level
of the CLI:
ProCurveRS(config)# snmp-server enable traps holddown-time 30
The command in this example changes the holddown time for SNMP traps to 30 seconds. The device waits 30
seconds to allow convergence in STP and OSPF before sending traps to the SNMP trap receiver.
Syntax: [no] snmp-server enable traps holddown-time <secs>
The <secs> parameter specifies the number of seconds and can be from 1 – 600 (ten minutes). The default is 60
seconds.
USING THE WEB MANAGEMENT INTERFACE
You cannot configure the parameter using the Web management interface.
Disabling SNMP Traps
ProCurve Routing Switches come with SNMP trap generation enabled by default for all traps. You can selectively
disable one or more of the following traps.
NOTE: For a list of the trap values, see the Command Line Interface Reference for ProCurve 9300/9400 Series
Routing Switches.
NOTE: The Privileged EXEC level is sometimes called the “Enable” level, because the command for accessing
this level is enable.
NOTE: Messages for accessing the User EXEC level apply only to access through Telnet. The device does not
authenticate initial access through serial connections but does authenticate serial access to the Privileged EXEC
level. Messages for accessing the Privileged EXEC level apply to access through the serial connection or Telnet.
The following examples show login and logout messages for the User EXEC and Privileged EXEC levels of the
CLI:
6 - 10 June 2005
Configuring Basic Features
NOTE: ProCurve Routing Switches do not retain time and date information across power cycles. Unless you
want to reconfigure the system time counter each time the system is reset, Hewlett-Packard recommends that you
use the SNTP feature.
June 2005 6 - 11
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
when Amount of time since the last NTP packet was received from the peer
6 - 12 June 2005
Configuring Basic Features
Table 6.2: Output from the show sntp status command (Continued)
reference clock IP Address of the peer (if any) to which the unit is synchronized
root delay Total delay along the path to the root clock
NOTE: If you have already configured an SNTP server, the server information is listed; otherwise, select the
Add NTP Server link at the bottom of the panel to add a new SNTP server.
NOTE: You can synchronize the time counter with your SNTP server time by entering the sntp sync command
from the Privileged EXEC level of the CLI.
NOTE: Unless you identify an SNTP server for the system time and date, you will need to re-enter the time and
date following each reboot.
For more details about SNTP, see “Specifying a Simple Network Time Protocol (SNTP) Server” on page 6-11.
June 2005 6 - 13
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
6 - 14 June 2005
Configuring Basic Features
2. Select the Clock link to display the Clock panel, shown below.
3. Select the time zone by selecting the offset from Greenwich Mean Time that applies to your time zone. For
example, to set your device to California time, select GMT-08, which means Greenwich Mean Time minus
eight hours.
NOTE: You do not need to adjust for Daylight Savings Time. You enable or disable Daylight Savings Time
separately in the following step.
4. Select Disable or Enable next to Daylight Saving Time to enable or disable it.
5. Enter the month, day, and year in the Date fields. You must enter the year as four digits.
6. Enter the hour, minute, and seconds in the Time fields.
7. Select AM or PM.
8. Click Apply to save the changes to the device’s running-config file.
9. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
June 2005 6 - 15
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Backward Compatibility
When you upgrade a Routing Switch that is running software older than 05.2.00, the new software makes
modifications to the running-config and startup-config files to ensure that the negotiation settings remain
unchanged for the installed device. For new devices running 05.2.00, the default for all Gigabit Ethernet ports is
negotiate-full-auto.
To provide the backward compatibility, the software places a line in the running-config file to identify the software
version that generated the file. For software release 05.2.00, the version line is as follows: “version 05.2.00”.
When you save configuration changes to the startup-config file, the software assumes, based on the presence of
the version line in the running-config file, that the device is running software release 05.2.00 or later, which
contains the change to the Gigabit Ethernet negotiation default.
If the device already has a startup-config file when you update to software release 05.2.00, the software adds the
following command to the startup-config file: gig-default neg-off. This command sets the global negotiation
mode to negotiation-off, the default behavior in software releases earlier than 05.2.00. By setting the default mode
to negotiation-off, the new software ensures that the device’s Gigabit Ethernet links continue to operate as before.
(Although you cannot set a global default for Gigabit Ethernet negotiation in software releases earlier than
05.2.00, the implicit default behavior is negotiation-off.)
If the startup-config file contains the auto-gig command to configure individual ports for auto-Gigabit, the
command is changed to the new format, gig-default auto-gig. Thus, the ports continue to use the auto-Gigabit
setting.
Changing the Negotiation Mode
You can change the negotiation mode globally and for individual ports. Use either of the following methods.
USING THE CLI
To change the mode globally, enter a command such as the following:
ProCurveRS(config)# gig-default neg-off
This command changes the global setting to negotiation-off. The global setting applies to all Gigabit Ethernet
ports except those for which you set a different negotiation mode on the port level.
To change the mode for individual ports, enter commands such as the following:
ProCurveRS(config)# int ethernet 4/1 to 4/4
ProCurveRS(config-mif-4/1-4/4)# gig-default auto-gig
This command overrides the global setting and sets the negotiation mode to auto-Gigabit for ports 4/1 – 4/4.
Here is the syntax for globally changing the negotiation mode.
Syntax: gig-default neg-full-auto | auto-gig | neg-off
Here is the syntax for changing the negotiation mode on individual ports.
Syntax: gig-default neg-full-auto | auto-gig | neg-off
USING THE WEB MANAGEMENT INTERFACE
To change the global default:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Select the Advance link to display the advanced System parameters panel.
3. Select one of the following values from the Gig Port Default field’s pulldown menu:
• Neg-off – The port does not try to perform a handshake. Instead, the port uses configuration information
manually configured by an administrator.
• Auto-Gig – The port tries to perform a handshake with the other port to exchange capability information.
• Neg-Full-Auto – The port first tries to perform a handshake with the other port to exchange capability
information. If the other port does not respond to the handshake attempt, the port uses the manually
6 - 16 June 2005
Configuring Basic Features
configured configuration information (or the defaults if an administrator has not set the information).
4. Click Apply to save the changes to the device’s running-config file.
5. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
To override the global negotiation mode for an individual port:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Click on the plus sign next to Configure in the tree view to display the configuration options.
3. Click on the plus sign next to Port in the tree view to display the configuration options.
4. Select the link for the port type you want to change (for example, Ethernet) to display the Port table.
5. Click on the Modify button next to the row of information for the port you want to reconfigure.
6. Select one of the following values from the Gig Port Default field’s pulldown menu:
• Default – The port uses the negotiation mode that was set at the global level.
• Neg-off – The port does not try to perform a handshake. Instead, the port uses configuration information
manually configured by an administrator.
• Auto-Gig – The port tries to perform a handshake with the other port to exchange capability information.
• Neg-Full-Auto – The port first tries to perform a handshake with the other port to exchange capability
information. If the other port does not respond to the handshake attempt, the port uses the manually
configured configuration information (or the defaults if an administrator has not set the information).
7. Click Apply to save the changes to the device’s running-config file.
8. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
NOTE: By default, IP Multicast (including IGMP) is disabled. You can enable it using the ip multicast passive |
active command. As long as IP Multicast is enabled (regardless of whether it is passive or active), no IP Multicast
packets (not even IGMP packets) are limited.
Limiting Broadcasts
To limit the number of broadcast packets an HP device can forward each second, use the following CLI method.
USING THE CLI
To globally limit the number of broadcast packets an 9300 series Routing Switch forwards to 100,000 per second,
enter the following command at the global CONFIG level of the CLI:
ProCurveRS(config)# broadcast limit 100000
ProCurveRS(config)# write memory
To limit the number of broadcast packets sent on port 1/3 to 80,000, enter the following commands:
ProCurveRS(config)# int ethernet 1/3
ProCurveRS(config-if-1/3)# broadcast limit 80000
June 2005 6 - 17
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
6 - 18 June 2005
Configuring Basic Features
between the dollar signs is the contents of the banner. The banner text can be up to 2048 characters long and can
consist of multiple lines. To remove the banner, enter the no banner motd command.
Syntax: [no] banner <delimiting-character> | [motd <delimiting-character>]
NOTE: The banner <delimiting-character> command is equivalent to the banner motd <delimiting-character>
command.
When you access the Web management interface, the banner is displayed:
June 2005 6 - 19
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
The <number-of-lines> parameter indicates the maximum number of lines that will be displayed on a full screen of
text during the current session. If the displayed information requires more than one page, the terminal pauses.
Pressing the space bar displays the next page.
The default for <number-of-lines> is 24. Entering a value of 0 prevents the terminal from pausing between multiple
output pages:
NOTE: To modify Layer 2, Layer 3, or Layer 4 features on a port, see the appropriate section in this chapter or
other chapters. For example, to modify Spanning Tree Protocol (STP) parameters for a port, see “Modifying STP
Bridge and Port Parameters” on page 6-28.
NOTE: To configure trunk groups or dynamic link aggregation, see “Configuring Trunk Groups and Dynamic Link
Aggregation” on page 7-1.
All HP ports are pre-configured with default values that allow the device to be fully operational at initial startup
without any additional configuration. However, in some cases, changes to the port parameters may be necessary
to adjust to attached devices or other network requirements.
The current port configuration for all ports is displayed when you select the Port link from the Configure tree. You
can easily determine a port’s state by observing the color in the Port field.
• Red – indicates there is no link.
• Green – indicates the link is good.
6 - 20 June 2005
Configuring Basic Features
This example shows the port states for an 9300 series Routing Switch that has not yet been connected to the rest
of the network.
Click on the Copy or Modify button next to a row of port information to display a configuration panel for that port.
• Select Modify to change parameters for a port.
• Select Copy to apply a port’s parameter settings to another port.
June 2005 6 - 21
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: A slot option appears on the chassis port configuration sheet. Slot corresponds to a module slot number.
NOTE: The IEEE Tagging option appears only on the Port configuration sheet when tagging is enabled at the
system level and a VLAN is defined on the system.
NOTE: The port speed option 1 Gbps is displayed only when a 1000BaseSX, 1000BaseLX, or 1000BaseT
Gigabit port or module is resident on the Routing Switch. Additionally, only the full-duplex mode is visible. When
a 10/100BaseTX Ethernet port or module is being configured, the options are 10/100 Auto, 10 Mbps, and 100
Mbps.
6 - 22 June 2005
Configuring Basic Features
4. Select the link to the port type you want (for example, Ethernet) to display the Port table.
5. Click on the Modify button next to the row of information for the port you want to reconfigure.
6. Enter a name in the Name field.
7. Click Apply to save the changes to the device’s running-config file.
8. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
NOTE: Modifying the port speed of a port that has a pre-configured rate limit policy may result in the inability to
remove the port's rate limit policy.
June 2005 6 - 23
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
9. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
6 - 24 June 2005
Configuring Basic Features
Syntax: enable
You also can disable or re-enable a virtual routing interface. To do so, enter commands such as the following:
ProCurveRS(config)# interface ve v1
ProCurveRS(config-vif-1)# disable
Syntax: disable
To re-enable a virtual routing interface, enter the enable command at the Interface configuration level. For
example, to re-enable virtual routing interface v1, enter the following command:
ProCurveRS(config-vif-1)# enable
Syntax: enable
USING THE WEB MANAGEMENT INTERFACE
To disable or enable a port:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Click on the plus sign next to Configure in the tree view to display the configuration options.
3. Click on the plus sign next to Port in the tree view to display the configuration options.
4. Select the link to the port type you want (for example, Ethernet) to display the Port table.
5. Click on the Modify button next to the row of information for the port you want to reconfigure.
6. Select either Enable or Disable option next to the Status option.
7. Click Apply to save the changes to the device’s running-config file.
8. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
NOTE: You cannot disable or re-enable a virtual routing interface using the Web management interface.
June 2005 6 - 25
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: To use this feature, 802.3x flow control must be enabled globally on the device. By default, 802.3x flow
control is enabled on HP devices, but can be disabled with the no flow-control command.
To specify threshold values for flow control, enter the following command:
ProCurveRS(config)# qd-flow sink 75 sunk 50 slot 1
Syntax: qd-flow sink <sinking-threshold> sunk <sunk-threshold> slot <slot>
The threshold values are percentages of the total number of buffers available to a module's Buffer Manager.
When the <sinking-threshold> is reached, the HP device sends out 802.3x PAUSE frames telling the sender to
stop sending traffic for a period of time.
When the <sunk-threshold> is reached, the HP device drops traffic at the specified priority level.
The <slot> parameter specifies the location of the module where the thresholds are to take effect.
6 - 26 June 2005
Configuring Basic Features
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Click on the plus sign next to Configure in the tree view to display the configuration options.
3. Click on the plus sign next to Port in the tree view to display the configuration options.
4. Select the link to the port type you want (for example, Ethernet) to display the Port table.
5. Click on the Modify button next to the row of information for the port you want to reconfigure.
6. Select one of the following values from the Gig Port Default field’s pulldown menu:
• Default – The port uses the negotiation mode that was set at the global level.
• Neg-off – The port does not try to perform a handshake. Instead, the port uses configuration information
manually configured by an administrator.
• Auto-Gig – The port tries to perform a handshake with the other port to exchange capability information.
• Neg-Full-Auto – The port first tries to perform a handshake with the other port to exchange capability
information. If the other port does not respond to the handshake attempt, the port uses the manually
configured configuration information (or the defaults if an administrator has not set the information).
7. Click Apply to save the changes to the device’s running-config file.
8. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
NOTE: You also can access the dialog for saving configuration changes by clicking on Command in the tree
view, then clicking on Save to Flash.
NOTE: The procedures in this chapter describe how to configure basic STP parameters. For more
information about STP, see “Configuring Spanning Tree Protocol (STP) and Advanced STP Features” on
page 8-1.
• Aging time for learned MAC address entries – see “Changing the MAC Age Time” on page 6-30
• Static, non-aging MAC address entries – see “Configuring Static MAC Entries” on page 6-31
• Port-based VLANs – see “Enabling Port-Based VLANs” on page 6-33
• MAC address filters – see “Defining MAC Address Filters” on page 6-34
• Broadcast and Multicast Filters – see “Defining Broadcast and Multicast Filters” on page 6-40
• Port locks – see “Locking a Port To Restrict Addresses” on page 6-42
June 2005 6 - 27
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
exist between ports or VLANs. If the selected path fails, STP searches for and then establishes an alternate path
to prevent or limit retransmission of data.
STP must be enabled at the system level to allow assignment of this capability on the VLAN level. STP is
disabled by default.
NOTE: The procedures in this chapter describe how to configure basic STP parameters. For more information
about STP, see “Configuring Spanning Tree Protocol (STP) and Advanced STP Features” on page 8-1.
NOTE: For information about the Single and Fast checkboxes, see “Single Spanning Tree (SSTP)” and
“Fast Uplink Span” in the Advanced Configuration and Management Guide for ProCurve 9300/9400 Series
Routing Switches.
6 - 28 June 2005
Configuring Basic Features
• Path Cost – This parameter can be used to assign a higher or lower path cost to a port. This value can be
used to bias traffic toward or away from a certain path during periods of rerouting. For example, if you wish to
bias traffic away from a certain port, assign it a higher value than other ports within the VLAN or all other ports
(when VLANs are not active on the Routing Switch). Possible values are 0 – 65535. The default values are
listed in Table 6.3.
10 Mbps 100
100 Mbps 19
Gigabit 4
June 2005 6 - 29
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
4. Click the Modify button in the STP bridge row to display the STP configuration panel, as shown in the
following example.
NOTE: If you want to save the priority and path costs of one port to all other ports on the Routing Switch
within a VLAN, you can click the Apply To All Ports button.
7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
6 - 30 June 2005
Configuring Basic Features
NOTE: ProCurve Routing Switches also support the assignment of static IP Routes, static ARP, and static
RARP entries. For details on configuring these types of static entries, see the “Configuring Static Routes” and
“Creating Static ARP Entries” sections in the “Configuring IP” chapter of the Advanced Configuration and
Management Guide for ProCurve 9300/9400 Series Routing Switches.
You can manually input the MAC address of a device to prevent it from being aged out of the system address
table.
This option can be used to prevent traffic for a specific device, such as a server, from flooding the network with
traffic when it is down. Additionally, the static MAC address entry is used to assign higher priorities to specific
MAC addresses.
You can specify port priority (QoS) and VLAN membership (VLAN ID) for the MAC Address as well as specify
device type of either Routing Switch or host.
The default and maximum configurable MAC table sizes can differ depending on the device. To determine the
default and maximum MAC table sizes for your device, display the system parameter values. See “Displaying and
Modifying System Parameter Default Settings” on page 6-43.
The MAC table can hold only up to 64,000 entries. The MAC entries are stored in the CAM. The ability of the CAM
to store up to a million MAC entries, depends on the following factors:
• The number of source MAC address being learned by the CAM.
• The number of destination MAC addresses being forwarded by the CAM
• The distribution of the MAC entries across ports. For example, it one port is learning all the source MAC
addresses, the available of the CAM for that port will be depleted.
Also, a large number of MAC entries in the MAC table could increase CPU utilization. To alleviate the load on the
CPU, use this feature with the Control Plane Security option.
EXAMPLE:
To add a static entry for a server with a MAC address of 1145.5563.67FF and a priority of 7 to port 2 of module 1
of an 9300 series Routing Switch:
USING THE CLI
ProCurveRS(config)# static-mac-address 1145.5563.67FF e 1/2 priority 7
June 2005 6 - 31
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Syntax: [no] static-mac-address <mac-addr> ethernet <portnum> [to <portnum> ethernet <portnum>]
[priority <number>] [host-type | router-type | fixed-host]
The priority can be 0 – 7 (0 is lowest priority and 7 is highest priority).
The default priority is 0. The default type is host-type.
NOTE: The location of the static-mac-address command in the CLI depends on whether you configure port-
based VLANs on the device. If the device does not have more than one port-based VLAN (VLAN 1, which is the
default VLAN that contains all the ports), the static-mac-address command is at the global CONFIG level of the
CLI. If the device has more than one port-based VLAN, then the static-mac-address command is not available at
the global CONFIG level. In this case, the command is available at the configuration level for each port-based
VLAN.
4. Enter or edit the MAC address, if needed. Specify the address in the following format:
xx-xx-xx-xx-xx-xx.
5. Change the VLAN number if needed by editing the value in the VLAN ID field.
6. Select the port number from the Slot and Port pulldown lists.
7. Select a QoS level from 0 – 7 from the QoS field’s pulldown menu. For information about QoS, see the
“Configuring Quality of Service” chapter in the Advanced Configuration and Management Guide for ProCurve
9300/9400 Series Routing Switches.
8. Click the Add button (to add a new static MAC entry) or the Modify button (if you are modifying an existing
entry) to save the change to the device’s running-config file.
9. Click the Apply button to save the change to the device’s running-config file.
10. Select the Save link at the bottom of the dialog, then select Yes when prompted to save the configuration
change to the startup-config file on the device’s flash memory.
6 - 32 June 2005
Configuring Basic Features
NOTE: When a static MAC entry has a corresponding static ARP entry, you cannot delete the static MAC entry
unless you first delete the static ARP entry.
To create a static ARP entry for a static MAC entry, enter a command such as the following:
ProCurveRS(config)# arp 1 192.53.4.2 aaaa.bbbb.cccc ethernet 1
The arp command allows you to specify only one port number. To create a static ARP entry for a static MAC entry
that is associated with multiple ports, specify the first (lowest-numbered) port associated with the static MAC entry.
Syntax: [no] arp <num> <ip-addr> <mac-addr> ethernet <portnum>
The <num> parameter specifies the entry number.
NOTE: The second command is optional and also creates the VLAN if the VLAN does not already exist. You can
enter the first command after you enter the second command if you first exit to the global CONFIG level of the CLI.
June 2005 6 - 33
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
For details on configuring port-based VLANs, refer to “Configuring Virtual LANs (VLANs)” in the Advanced
Configuration and Management Guide for ProCurve 9300/9400 Series Routing Switches.
USING THE CLI
When using the CLI, ports are defined as either tagged or untagged at the VLAN level.
EXAMPLE:
Suppose you want to make port 5 on module 1 a member of port-based VLAN 4, a tagged port. To do so, enter
the following:
ProCurveRS(config)# vlan 4
ProCurveRS(config-vlan-4)# tagged e 1/5
Syntax: tagged ethernet <portnum> [to <portnum> [ethernet <portnum>]]
USING THE WEB MANAGEMENT INTERFACE
To apply 802.1q tagging to a port:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Click on the plus sign next to Configure in the tree view to display the configuration options.
3. Click on the plus sign next to Port in the tree view to display the configuration options.
4. Select the link to the port type you want (for example, Ethernet) to display the Port table.
5. Click on the Modify button next to the row of information for the port you want to reconfigure.
6. Select Enable next to IEEE Tagging.
NOTE: This option appears only if you are modifying a port that is a member of a port-based VLAN other
than the default VLAN. Tagging does not apply to ports that are not in a port-based VLAN and does not apply
to the default VLAN.
NOTE: MAC filters do not block management access to the HP device. For example, if you apply a filter to block
a specific host, the filter blocks switch traffic from the host but does not prevent the host from establishing a
management connection to the device through Telnet. To block management access, use an Access Control List
(ACL). See the “IP Access Control Lists (ACLs)“ chapter of the Advanced Configuration and Management Guide
for ProCurve 9300/9400 Series Routing Switches.
6 - 34 June 2005
Configuring Basic Features
NOTE: You cannot use Layer 2 filters to filter Layer 4 information. To filter Layer 4 information, use IP access
policies. See the “Policies and Filters” appendix in the Advanced Configuration and Management Guide for
ProCurve 9300/9400 Series Routing Switches.
You configure MAC filters globally, then apply them to individual interfaces. To apply MAC filters to an interface,
you add the filters to that interface’s MAC filter group.
NOTE: In software release 07.6.04, you can apply MAC filters to virtual routing interfaces. For more information,
see “Configuring MAC Address Filters for Virtual Routing Ports” on page 6-39.
The device takes the action associated with the first matching filter. If the packet does not match any of the filters
in the access list, the default action is to drop the packet. If you want the system to permit traffic by default, you
must specifically indicate this by making the last entry in the access list a permit filter. Here is an example:
mac filter <last-index-number> permit any any
For Routing Switches, the MAC filter is applied only to those inbound packets that are to be switched. This
includes those ports associated with a virtual routing interface. However, the filter is not applied to the virtual
routing interface. It is applied to the physical port.
NOTE: Inbound traffic on a port to which a Layer 2 MAC filter is assigned is sent to the CPU for processing.
NOTE: Use MAC Layer 2 filters only for switched traffic. If a routing protocol (for example, IP or IPX) is
configured on an interface, a MAC filter defined on that interface is not applied to inbound packets. If you want to
filter inbound route traffic, configure a route filter.
When you create a MAC filter, it takes effect immediately. You do not need to reset the system. However, you do
need to save the configuration to flash memory to retain the filters across system resets.
For complete MAC filter examples, see the Command Line Interface Reference for ProCurve 9300/9400 Series
Routing Switches.
Configuring MAC Address Filters for Physical Ports
NOTE: In software releases 07.6.04 and later, you can apply MAC filters to virtual routing interfaces. For more
information, see “Configuring MAC Address Filters for Virtual Routing Ports” on page 6-39.
NOTE: Once you apply a MAC filter to a port, the device drops all Layer 2 traffic on the port that does not match a
MAC permit filter on the port.
Syntax: mac filter <filter-num> permit | deny any | <H.H.H> any | <H.H.H> etype | IIc | snap <operator>
<frame-type>
The <filter-num> can be a number from 1 – 128.
The permit | deny argument determines the action the software takes when a match occurs.
June 2005 6 - 35
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
The <src-mac> <mask> | any parameter specifies the source MAC address. You can enter a specific address
value and a comparison mask or the keyword any to filter on all MAC addresses. Specify the mask using f’s
(ones) and zeros. For example, to match on the first two bytes of the address aabb.ccdd.eeff, use the mask
ffff.0000.0000. In this case, the filter matches on all MAC addresses that contain "aabb" as the first two bytes.
The filter accepts any value for the remaining bytes of the MAC address. If you specify any, do not specify a mask.
In this case, the filter matches on all MAC addresses.
The <dest-mac> <mask> | any parameter specifies the destination MAC address. The syntax rules are the same
as those for the <src-mac> <mask> | any parameter.
Use the etype | llc | snap argument if you want to filter on information beyond the source and destination address.
The MAC filter allows for you to filter on the following encapsulation types:
• etype (Ethertype) – a two byte field indicating the protocol type of the frame. This can range from 0x0600 to
0xFFFF.
• llc (IEEE 802.3 LLC1 SSAP and DSAP) – a two byte sequence providing similar function as the EtherType
but for an IEEE 802.3 frame.
• snap (IEEE 802.3 LLC1 SNAP) – a specific LLC1 type packet.
To determine which type of frame is used on your network, use a protocol analyzer. If byte 12 of an Ethernet
packet is equal to or greater than 0600 (hex), it is an Ethernet framed packet. Any number below this indicates an
IEEE 802.3 frame (byte 12 will now indicate the length of the data field). Some well-known Ethernet types are
0800 (TCP/IP), 0600 (XNS), and 8137 (Novell Netware). Refer to RFC 1042 for a complete listing of EtherTypes.
For IEEE 802.3 frame, you can further distinguish the SSAP and DSAP of LLC header. Some well-known SAPs
include: FE (OSI), F0 (NetBIOS), 42 (Spanning Tree BPDU), and AA (SNAP). Usually the DSAP and SSAP are
the same.
NOTE: You must type in both bytes, otherwise the software will fill the field, left justified with a 00. Refer to RFC
1042 for a complete listing of SAP numbers.
SNAP is defined as an IEEE 802.3 frame with the SSAP, DSAP, and control field set to AA, AA, and 03.
Immediately following these is a five-byte SNAP header. The first three bytes in this header are not used by the
MAC filters. However, the next two bytes usually are set to the EtherType, so you can define the EtherType inside
the SNAP header that you want to filter on.
The eq | gt | lt | neq argument specifies the possible operator: eq (equal), gt (greater than), lt (less than) and neq
(not equal).
The <frame-type> argument is a hexadecimal number for the frame type. For example, the hex number for ARP is
806.
To globally enable logging for filtered packets, enter the following command:
ProCurveRS(config)# mac filter log-enable
Syntax: mac filter log-enable
To enable logging for filtered packets on a specific port, enter the following commands:
ProCurveRS(config)# int e 1/1
ProCurveRS(config-if-1/1)# mac filter-group log-enable
Syntax: mac filter-group log-enable
To assign MAC filter 1 to interface port 1 on slot 1, enter the following commands:
ProCurveRS(config)# int e 1/1
ProCurveRS(config-if-1/1)# mac filter-group 1
Syntax: mac filter-group <filter-list>
NOTE: The filters must be applied as a group. For example, if you want to apply four filters to an interface, they
must all appear on the same command line.
6 - 36 June 2005
Configuring Basic Features
NOTE: You cannot add or remove individual filters in the group. To add or remove a filter on an interface, apply
the filter group again containing all the filters you want to apply to the port.
NOTE: If you apply a filter group to a port that already has a filter group applied, the older filter group is replaced
by the new filter group.
5. Edit the value in the ID field if you want to assign the filter a different ID. The software automatically
increments this field each time you add a MAC filter.
6. Select the filter action by selecting Permit or Deny next to Action.
7. Enter the source MAC address in the Source Address field. Separate the bytes in the address with dashes.
8. Enter the comparison mask for the source address in the Source Mask field. The mask consists of “f”s and
“0”s or the word “any”.
• An “f” indicates a significant bit. The software checks the indicated bit in each packet’s source MAC
address.
June 2005 6 - 37
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• A “0” indicates an insignificant bit. The software does not care what value is in the bit position.
• “any” matches all bits and is equivalent to entering “ff-ff-ff-ff-ff-ff”.
9. Enter the destination MAC address in the Destination Address field. Separate the bytes in the address with
dashes.
10. Enter the comparison mask for the destination address in the Destination Mask field.
11. Select the frame type from the Frame Type field’s pulldown menu.
12. Select an operator from the Operator field’s pulldown menu to filter by protocol type.
13. Enter a protocol in the Protocol field.
14. Click the Add button to save the filter to the device’s running-config file. The filter is now configured in the
software but has not yet been applied to a port.
15. Select the Filter Group link.
• If the device does not have any MAC filter groups configured, the Filter Group configuration panel is
displayed, as shown in the following example.
• If a MAC filter group is already configured and you are adding a new one, click on the Show link to display
the MAC Filter Group list. Then click on the Add MAC Filter Group link to display the Filter Group
configuration panel, as shown in the following example.
• If you are modifying an existing MAC filter group, click on the Modify button to the right of the row
describing the filter group to display the Filter Group configuration panel, as shown in the following
example.
16. Select the port (and slot, if applicable) for which you are configuring the filter group. You can configure one
MAC filter group on each port.
17. Enter the filter numbers in the Filter ID List field. Separate each filter number from the next one by a single
space. The software applies the filters in the order you list them, from left to right. When a packet matches a
filter, the software stops comparing the packet against the filter list and applies the action specified in the
matching filter.
NOTE: The filters must be applied as a group. For example, if you want to apply four filters to an interface,
they must all appear on the same command line.
NOTE: You cannot add or remove individual filters in the group. To add or remove a filter on an interface,
apply the filter group again containing all the filters you want to apply to the port.
NOTE: If you apply a filter group to a port that already has a filter group applied, the older filter group is
replaced by the new filter group.
18. Click the Add button to save the filter to the device’s running-config file.
6 - 38 June 2005
Configuring Basic Features
19. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
Configuring MAC Address Filters for Virtual Routing Ports
Software release 07.6.04 allows you to apply MAC filters to virtual routing interfaces; however, MAC filters used
on a virtual routing interface can only deny packets. Permit is not available. Packets are denied based on their
source MAC address. The Routing Switch will drop any Layer 2 or Layer 3 packet that originated from the
specified source MAC address.
To apply a MAC filter on a virtual routing interface using the CLI, first create a filter group that denies specific
source MAC addresses using the mac filter-group command. (Refer to theInstallation and Basic Configuration
Guide for ProCurve 9300 Series Routing Switches for details.) Then use the mac deny-src-mac-filter-grp...
command to apply them to virtual routing interfaces. Enter commands such as the following:
ProCurveRS(config)# interface ve 2
ProCurveRS(config-vif-2)# mac filter 1 deny 00a0.cc77.a18d ffff.ffff.ffff any
ProCurveRS(config-vif-2)# mac filter 2 deny 0010.2222.3333 ffff.ffff.ffff any
ProCurveRS(config-vif-2)# mac deny-src-mac-filter-grp 1 2
Syntax: [no] mac deny-src-mac-filter-group <number>
<number> is the number of the ID of the filter that you’ve defined. You can enter up to eight filter IDs.
Enabling Logging of Packets Denied by MAC Filters
You can configure the HP device to generate Syslog entries and SNMP traps for packets that are denied by Layer
2 MAC filters. You can enable logging of denied packets on a global basis or an individual port basis.
The first time an entry in a MAC filter denies a packet and logging is enabled for that entry, the software generates
a Syslog message and an SNMP trap. Messages for packets denied by MAC filters are at the warning level of the
Syslog.
When the first Syslog entry for a packet denied by a MAC filter is generated, the software starts a five-minute MAC
filter timer. After this, the software sends Syslog messages every five minutes. The messages list the number of
packets denied by each MAC filter during the previous five-minute interval. If a MAC filter does not deny any
packets during the five-minute interval, the software does not generate a Syslog entry for that MAC filter.
NOTE: For a MAC filter to be eligible to generate a Syslog entry for denied packets, logging must be enabled for
the filter. The Syslog contains entries only for the MAC filters that deny packets and have logging enabled.
When the software places the first entry in the log, the software also starts the five-minute timer for subsequent log
entries. Thus, five minutes after the first log entry, the software generates another log entry and SNMP trap for
denied packets.
USING THE CLI
To configure Layer 2 MAC filter logging globally, enter the following CLI commands at the global CONFIG level:
ProCurveRS(config)# mac filter log-enable
ProCurveRS(config)# write memory
Syntax: [no] mac filter log-enable
To configure Layer 2 MAC filter logging for MAC filters applied to ports 1/1 and 3/3, enter the following CLI
commands:
ProCurveRS(config)# int ethernet 1/1
ProCurveRS(config-if-1/1)# mac filter-group log-enable
ProCurveRS(config-if-1/1)# int ethernet 3/3
ProCurveRS(config-if-3/3)# mac filter-group log-enable
ProCurveRS(config-if-3/3)# write memory
June 2005 6 - 39
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: This is the same command syntax as that used for configuring port-based VLANs. Use the first
command for adding a range of ports. Use the second command for adding separate ports (not in a range). You
also can combine the syntax. For example, you can enter exclude-ports ethernet 1/4 ethernet 2/6 to 2/9.
6 - 40 June 2005
Configuring Basic Features
Configuration Examples
To configure a Layer 2 broadcast filter to filter all types of broadcasts, then apply the filter to ports 1/1, 1/2, and
1/3, enter the following commands:
ProCurveRS(config)# broadcast filter 1 any
ProCurveRS(config-bcast-filter-id-1)# exclude-ports ethernet 1/1 to 1/3
ProCurveRS(config-bcast-filter-id-1)# write memory
To configure two filters, one to filter IP UDP traffic on ports 1/1 – 1/4, and the other to filter all broadcast traffic on
port 4/6, enter the following commands:
ProCurveRS(config)# broadcast filter 2 ip udp
ProCurveRS(config-bcast-filter-id-2)# exclude-ports ethernet 1/1 to 1/4
ProCurveRS(config-bcast-filter-id-2)# exit
ProCurveRS(config)# broadcast filter 3 any
ProCurveRS(config-bcast-filter-id-3)# exclude-ports ethernet 4/6
ProCurveRS(config-bcast-filter-id-3)# write memory
To configure an IP UDP broadcast filter and apply that applies only to port-based VLAN 10, then apply the filter to
two ports within the VLAN, enter the following commands:
ProCurveRS(config)# broadcast filter 4 ip udp vlan 10
ProCurveRS(config-bcast-filter-id-4)# exclude-ports eth 1/1 eth 1/3
ProCurveRS(config-bcast-filter-id-4)# write memory
Configuring a Layer 2 Multicast Filter
To configure a multicast filter, you must have access to the CONFIG level of the CLI. You can configure up to eight
multicast filters on a device.
Syntax: [no] multicast filter <filter-id> any | ip udp mac <multicast-address> | any [mask <mask>]
[vlan <vlan-id>]
The parameter values are the same as the for the broadcast filter command. In addition, the multicast filter
command requires the mac <multicast-address> | any parameter, which specifies the multicast address. Enter
mac any to filter on all multicast addresses.
Enter mac followed by a specific multicast address to filter only on that multicast address. To filter on a range of
multicast addresses, use the mask <mask> parameter. For example, to filter on multicast groups 0100.5e00.5200
– 0100.5e00.52ff, use mask ffff.ffff.ff00. The default mask matches all bits (is all Fs). You can leave the mask
off if you want the filter to match on all bits in the multicast address.
Configuration Examples
To configure a Layer 2 multicast filter to filter all multicast groups, then apply the filter to ports 2/4, 2/5, and 2/8,
enter the following commands:
ProCurveRS(config)# multicast filter 1 any
ProCurveRS(config-mcast-filter-id-1)# exclude-ports ethernet 2/4 to 2/5 ethernet 2/8
ProCurveRS(config-mcast-filter-id-1)# write memory
To configure a multicast filter to block all multicast traffic destined for multicast addresses 0100.5e00.5200 –
0100.5e00.52ff on port 4/8, enter the following commands:
ProCurveRS(config)# multicast filter 2 any 0100.5e00.5200 mask ffff.ffff.ff00
ProCurveRS(config-mcast-filter-id-2)# exclude-ports ethernet 4/8
ProCurveRS(config-mcast-filter-id-2)# write memory
June 2005 6 - 41
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
The software calculates the range by combining the mask with the multicast address. In this example, all but the
last eight bits in the mask are “significant bits” (ones). The last eight bits are zeros and thus match on any value.
Each “f” or “0” is four bits.
NOTE: In release 07.6.04, a more robust version of this feature was introduced. See “Using the MAC Port
Security Feature” in the Security Guide for ProCurve 9300/9400 Series Routing Switches.
6 - 42 June 2005
Configuring Basic Features
• VRRPE
By default, IP routing is enabled on Routing Switches. All other protocols are disabled, so you must enable them
to configure and use them.
NOTE: The following protocols require a system reset before the protocol will be active on the system: PIM,
DVMRP, RIP, and IPX. To reset a system, select the Reload link (Web) or enter the reload command at the
privileged level of the CLI.
NOTE: If you are enabling BGP4, you must also specify the local AS number in the Local AS field.
NOTE: You also can access the dialog for saving configuration changes by clicking on Command in the tree
view, then clicking on Save to Flash.
If you enable PIM, DVMRP, RIP, or IPX, you must reload the software to place the change into effect.
1. Click on the plus sign next to Command in the tree view to list the command options.
2. Select the Reload link and select Yes when the Web management interface asks you whether you really want
to reload the software.
June 2005 6 - 43
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• IP routes
• IP route filters
• IP subnets per port and per device
• Static routes
• IGMP
• DVMRP routes
• IPX/SAP entries
• IPX/RIP entries
• IPX/SAP filters
• IPX/RIP filters
• IPX forwarding filters
• AppleTalk routes
• AppleTalk zones
The tables you can configure as well the defaults and valid ranges for each table differ depending on the HP
device you are configuring.
NOTE: If you increase the number of subnet addresses you can configure on each port to a higher amount, you
might also need to increase the total number of subnets that you can configure on the device.
To display and configure the adjustable tables on a device, use one of the following methods.
NOTE: Changing the table size for a parameter reconfigures the device’s memory. Whenever you reconfigure
the memory on an HP device, you must save the change to the startup-config file, then reload the software to
place the change into effect.
6 - 44 June 2005
Configuring Basic Features
June 2005 6 - 45
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Information for the configurable tables appears under the columns that are shown in bold type in this example. To
simplify configuration, the command parameter you enter to configure the table is used for the table name. For
example, to increase the capacity of the IP route table, enter the following commands:
ProCurveRS(config)# system-max ip-route 120000
ProCurveRS(config)# write memory
ProCurveRS(config)# exit
ProCurveRS# reload
NOTE: If you accidentally enter a value that is not within the valid range of values, the CLI will display the valid
range for you.
To increase the number of IP subnet interfaces you can configure on each port on a Routing Switch from 24 to 64,
then increase the total number of IP interfaces you can configure on the device from 256 to 512, enter the
following commands:
6 - 46 June 2005
Configuring Basic Features
NOTE: You also can display the Device Information panel by clicking on the graphic of the chassis panel, in the
upper right frame. The graphic is shown only if the Web management interface frames are enabled.
June 2005 6 - 47
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: You cannot set the warning temperature to a value higher than the shutdown temperature.
6 - 48 June 2005
Configuring Basic Features
3. Edit the value in the Temperature Warning Threshold field to change the warning temperature.
4. Edit the value in the Temperature Shutdown Threshold field to change the shutdown temperature.
5. Click the Apply button to send the configuration change to the active module’s running-config file.
6. If you want the change to remain in effect following the next system reload, select the Save link to save the
configuration change to the startup-config file.
June 2005 6 - 49
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
3. Edit the value in the Chassis Poll Interval field to change polling interval. You can enter a value from 0 –
65535. The default is 60 seconds.
4. Click the Apply button to send the configuration change to the active module’s running-config file.
5. If you want the change to remain in effect following the next system reload, select the Save link to save the
configuration change to the startup-config file.
6 - 50 June 2005
Configuring Basic Features
monitored port on the module in slot 1 is switched to the module in slot 2, mirror ports on the module in slot 2
will receive copies of the traffic. These guidelines do not apply to outbound traffic.
• If you are concurrently monitoring more than one set of ports on a non-9408sl device, there are additional
restrictions on which ports can be mirror ports for monitoring inbound traffic:
• On Standard (non-EP) Routing Switches, do not use any of the ports on the management module as a
mirror port for monitoring inbound traffic.
• On Enhanced Performance Routing Switches, do not use any of the 4 lowest-numbered Gigabit Ethernet
ports, or the 24 lowest-numbered 10/100 ports on the management module as a mirror port for
monitoring inbound traffic.
NOTE: These restrictions do not apply to 9408sl devices. On 9408sl devices, any port can be mirrored and
monitored except for the management port.
This happens because the routed traffic sent by the router interface must address itself as the sender of the
packet, to the neighboring Routing Switch. This behavior cannot be turned off for the monitored traffic, so the
mirror port's MAC address is substituted for the mirror copy of the packet. In this case, the source MAC
address of the mirror port is equivalent to that of the monitored port.
NOTE: You can configure multiple mirror ports on the same module. However, if you mirror inbound traffic to
any of the mirror ports on the module, the traffic is mirrored to all the mirror ports on the module. If you plan to
mirror outbound traffic only, you can use multiple mirror ports on the same module without the traffic being
duplicated on the other mirror ports on the module.
NOTE: If you configure the device to monitor inbound traffic on multiple ports and use a single mirror port for the
traffic, disabling monitoring on one of the ports also disables monitoring on the other ports. For example, if you
configure the device to monitor inbound traffic on ports 1/1 and 1/2 and to mirror the traffic to port 2/1, if you then
disable monitoring of inbound traffic on port 1/2, the software also disables monitoring of inbound traffic on port
June 2005 6 - 51
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
1/1.
This guideline does not apply to monitoring outbound traffic. Disabling monitoring for outbound traffic does not
affect other ports that use the same mirror port.
If you specify both for the traffic direction to be monitored, only the inbound traffic monitoring is disabled on the
other ports.
To configure more than one mirror port, enter commands such as the following:
ProCurveRS(config)# mirror-port ethernet 1/1
ProCurveRS(config)# mirror-port ethernet 5/1
ProCurveRS(config)# mirror-port ethernet 5/1
ProCurveRS(config)# mirror-port ethernet 5/2
These commands configure four mirror ports.
The following commands configure ports on the module in slot 1 to be mirrored by port 1/1:
ProCurveRS(config)# interface ethernet 1/2
ProCurveRS(config-if-1/2)# monitor ethernet 1/1 in
ProCurveRS(config-if-1/2)# interface ethernet 1/3
ProCurveRS(config-if-1/3)# monitor ethernet 1/1 in
ProCurveRS(config-if-1/3)# interface ethernet 1/4
ProCurveRS(config-if-1/4)# monitor ethernet 1/1 in
These commands configure the inbound traffic on ports 1/2 – 1/4 to be mirrored to port 1/1.
USING THE WEB MANAGEMENT INTERFACE
Suppose you want to diagnose the in and out on traffic on port 3 on a module in slot 4 of an 9300 series using port
1 in slot 4. To do so:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Select the Advance link to display the advanced system configuration panel.
3. Select the slot (if applicable) and port from the corresponding pulldown menus next to Mirror Slot. In this
example, select slot 4 and port 1.
4. Click Apply to save the changes to the device’s running-config file.
5. Click on the plus sign next to Configure in the tree view to display the configuration options.
6. Click on the plus sign next to Port in the tree view to display the configuration options.
7. Select the link to the port type you want (for example, Ethernet) to display the Port table.
8. Click the Modify button next to the port you want to monitor. In this example, select port 3 on the module in
slot 4 (4/3).
9. Select the traffic direction you want to monitor. For this example, select the In & Out.
10. Click Apply to save the changes to the device’s running-config file.
11. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
NOTE: In the current release, you can use only one mirror port for each monitored trunk port.
6 - 52 June 2005
Configuring Basic Features
To monitor traffic on an individual port in a trunk group, enter commands such as the following:
ProCurveRS(config)# mirror ethernet 2/1
ProCurveRS(config)# trunk switch ethernet 4/1 to 4/8
ProCurveRS(config-trunk-4/1-4/8)# config-trunk-ind
ProCurveRS(config-trunk-4/1-4/8)# monitor ethe-port-monitored 4/5 ethernet 2/1 in
Syntax: [no] config-trunk-ind
Syntax: [no] monitor ethe-port-monitored <portnum> | named-port-monitored <portname>
ethernet <portnum> in | out | both
The config-trunk-ind command enables configuration of individual ports in the trunk group. You need to enter
the config-trunk-ind command only once in a trunk group. After you enter the command, all applicable port
configuration commands apply to individual ports only.
NOTE: If you enter no config-trunk-ind, all port configuration commands are removed from the individual ports
and the configuration of the primary port is applied to all the ports. Also, once you enter the no config-trunk-ind
command, the enable, disable, and monitor commands are valid only on the primary port and apply to the entire
trunk group.
The monitor ethe-port-monitored command in this example enables monitoring of the inbound traffic on port
4/5.
• The ethe-port-monitored <portnum> | named-port-monitored <portname> parameter specifies the trunk
port you want to monitor. Use ethe-port-monitored <portnum> to specify a port number. Use named-port-
monitored <portname> to specify a trunk port name.
• The ethernet <portnum> parameter specifies the port to which the traffic analyzer is attached.
• The in | out | both parameter specifies the traffic direction to be monitored.
NOTE: The terms 802.3ad aggregate link and dynamic trunk group are used interchangeably in this section
and mean the same thing.
Configuration Note
• This feature is supported in software releases 07.8.00 and later.
• This feature is supported on any port that can be configured with 802.3ad link aggregation.
Configuring Port Monitoring on 802.3ad Aggregate Links
By default, when you enable monitoring on the primary port of an 802.3ad aggregate link, the device copies the
traffic for all the ports in the dynamic trunk group to the mirror port.
To monitor all of the ports in an 802.3ad aggregate link, enter commands such as the following on the primary port
of the dynamic trunk group:
ProCurveRS(config)# interface e1/1
ProCurveRS(config-if-e100-1/1)# link-aggregate monitor ethernet-port-monitored e 1/
1 e 1/10 both
These commands enable monitoring of the entire dynamic trunk group and copy both incoming and outgoing
traffic to port 1/10, the assigned mirror port. Note that the mirror port (in this case, port 1/10) must already be
configured as a mirror port.
Syntax: link-aggregate monitor ethernet-port-monitored ethernet <monitor slot/port> <mirror slot/port> both | in |
out
The <monitor slot/port> parameter specifies the port to monitor.
June 2005 6 - 53
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
The <mirror slot/port> parameter specifies the port that will receive copies of the monitored port’s traffic.
The both | in | out parameter specifies the traffic direction to monitor. There is no default.
Configuring Port Monitoring on an Individual Port in an 802.3ad Aggregate Link
To monitor traffic on an individual port in a dynamic trunk group, enter commands such as the following:
ProCurveRS(config)#interface e1/1
ProCurveRS(config-if-e100-1/1)# link-aggregate config-ind-monitor
ProCurveRS(config-if-e100-1/1)# link-aggregate monitor ethernet-port-monitored
ethernet 1/1 ethernet 1/10 in
Syntax: [no] link-aggregate config-ind-monitor
Syntax: link-aggregate monitor ethernet-port-monitored ethernet <monitor slot/port> <mirror slot/port> in | out |
both
The link-aggregate config-ind-monitor command enables configuration of individual ports in the dynamic trunk
group. Enter this command only once in a dynamic trunk group configuration. After you enter this command, all
applicable port configuration commands apply to individual ports only.
NOTE: If you enter no link-aggregate config-ind-monitor, the device removes all monitor configuration
commands from the individual ports and applies the primary port’s configuration to all the ports. Also, once you
enter the no link-aggregate config-ind-monitor command, any monitor configuration command you enter
thereafter applies to the entire trunk group.
The link-aggregate monitor ethernet-port-monitored ethernet command in this example enables monitoring of
inbound traffic on port 1/1.
• The <monitor slot/port> parameter specifies the port to monitor.
• The <mirror slot/port> parameter specifies the port that will receive copies of the monitored port’s traffic.
• The in | out | both parameter specifies the traffic direction to monitor. There is no default.
Software release 07.6.04 and later allows you to mirror traffic on ports that have policy-based routing (PBR)
enabled. This feature is useful for monitoring traffic, debugging, and enabling application-specific mirroring.
The PBR mirror interface feature allows continued hardware forwarding and, at the same time, enables you to
determine exactly which traffic flows get routed using the policies defined by PBR.
The following section provides a general overview of hardware-based PBR. For more specific information about
hardware based PBR, see the chapter “EP Hardware-Based IP Access Control Lists (ACLs)” in the Advanced
Configuration and Management Guide for ProCurve 9300/9400 Series Routing Switches.
About Hardware-Based PBR
Hardware-based Policy-Based Routing (PBR) routes traffic in hardware based on policies you define. A PBR
policy specifies the next hop for traffic that matches the policy. A PBR policy also can use an ACL to perform QoS
mapping and marking for traffic that matches the policy.
To configure PBR, you define the policies using IP ACLs and route maps, then enable PBR globally or on
individual interfaces. The device programs the ACLs into the Layer 4 CAM on the interfaces and routes traffic that
matches the ACLs according to the instructions in the route maps. You also can map and mark the traffic's QoS
information using the QoS options of the ACLs.
6 - 54 June 2005
Configuring Basic Features
NOTE: This section describes the syntax for the new CLI Route Map level command, set mirror-interface. For
more information about the other existing commands and syntax shown in the above example, see the Command
Line Interface Reference for ProCurve 9300/9400 Series Routing Switches or the Advanced Configuration
and Management Guide for ProCurve 9300/9400 Series Routing Switches.
June 2005 6 - 55
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
6 - 56 June 2005
Chapter 7
Configuring Trunk Groups
and Dynamic Link Aggregation
This chapter describes how to configure trunk groups and 802.3ad link aggregation.
• Trunk groups are manually-configured aggregate links containing multiple ports.
• 802.3ad link aggregation is a protocol that dynamically creates and manages trunk groups.
NOTE: You can use both types of trunking on the same device. However, you can use only one type of trunking
for a given port. For example, you can configure port 1/1 as a member of a static trunk group or you can enable
802.3ad link aggregation on the port, but you cannot do both.
Figure 7.1 Trunk Group application within a ProCurve Routing Switch network
HP Switch 4000
...
Trunk Group Power Users
Dedicated 100 Mbps
Server
HP 9304M
Router1
Gigabit
Backbone
HP 9304M
Router2
Super
Server
NOTE: The ports in a trunk group make a single logical link. Therefore, all the ports in a trunk group must be
connected to the same device at the other end.
Multi-homing
Server
Multi-homing adapter
has the same IP and MAC address Trunk Group
...
Maximum Number of Valid Number of Ports Port Ranges and Primary Ports
Trunk Groups in a Group
• You cannot combine 10/100 ports and Gigabit ports in the same trunk group. Each trunk group must start with
a primary port. The primary port is always the lowest number in the port range. For example, on the J4140A
10/100 module:
• Ranges for four-port trunk groups: 1 – 4, 5 – 8, 9 – 15, 16 – 20, 21 – 24
• Ranges for two-port trunk groups: 1 – 2, 3 – 4, 5 – 6, 7 – 8, 9 – 10, 11 – 12, 13 – 14, 15 – 16, 17 – 18, 19
– 20, 21 – 22, 23 – 24
NOTE: You can configure up to 12 trunk groups on an 9300 series 24-port 10/100 module. The 24-port 10/
100 modules have the following primary ports: 1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, and 23. See Figure 7.5.
• Port assignment on a module must be contiguous. The port range on the module cannot contain gaps. For
example, you can configure ports 1, 2, 3, and 4 on a module together as a trunk group but not ports 1, 3, and
4 (excluding 2).
• Port assignment cannot be across multiple trunk group boundaries.All the ports must be connected to the
same device at the other end.
• All trunk group member properties must match the lead port of the trunk group with respect to the following
parameters:
• Port tag type (untagged or tagged port)
• Port speed and duplex
• QoS priority
To change port parameters, you must change them on the primary port. The software automatically applies
the changes to the other ports in the trunk group.
• Make sure the device on the other end of the trunk link can support the same number of ports in the link.
• You can trunk two 10 Gigabit Ethernet ports together. The first port must be in an odd-numbered chassis slot
and the second port must be in the following even-numbered slot. Trunking of 10-Gigabit Ethernet ports
requires software release 07.6.01b or later. See “Configuring a Trunk Group of 10-Gigabit Ethernet Ports” on
page 7-14.
Figure 7.3 shows an example of a valid 2-port trunk group link between devices. The trunk groups in this example
are switch trunk groups, between two HP devices. Ports in a valid 2-port trunk group on one device are connected
to two ports in a valid 2-port trunk group on another device. The same rules apply to 4-port trunk groups.
Figure 7.4 shows examples of two Routing Switches connected by multi-slot trunk groups.
Figure 7.5 shows the valid 2-port and 4-port trunk groups on chassis 10/100 modules.
Figure 7.5 Valid 2-port and 4-port trunk groups on chassis 10/100 modules
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
This restriction was removed in software release 07.5.04 and later. Software releases 07.5.04 and later
support placing the management module and forwarding module in different sets of slots. For single-slot
server trunk group, the management module and forwarding module can be on any slot of the chassis.
• Do not place the management module(s) or the module that has the server trunk group’s ports in slot 8.
The modules must both be in the same set or slots (slots 1–7 or 9–15).
These guidelines apply to a server trunk group that is configured on a single module or on a pair of modules
(multi-slot trunk group). You do not need to follow these guidelines for a switch trunk group.
NOTE: The port type applies only to Layer 2 traffic on a server trunk group configured on a Routing Switch.
NOTE: On a device managed by a T-Flow, you can optimize server trunk load sharing on individual ports. See
“Enabling Optimized Server Trunk Load Balancing (T-Flow only)” on page 7-19.
NOTE: Starting in software release 07.7.00, EP devices load balance IP traffic on server trunks based on source
and destination TCP and UDP application ports (Layer 4 information), as well as on source and destination IP
addresses (Layer 3 information). In addition, software release 07.7.00 enables you to configure server trunk load
balancing per packet and to specify the maximum number of hash buckets per server trunk. See “Server Trunk
Group Load Sharing Enhancements and Options (Release 07.7.00 and Higher)” on page 7-17.
NOTE: The load sharing methods for server trunk groups also apply to trunks dynamically configured by 802.3ad
link aggregation.
a.By default, Layer 3 IP traffic uses ip load-sharing by-host. Refer to the Command Line Interface
Reference for ProCurve 9300/9400 Series Routing Switches for details on this command.
b.New in 07.6.01
7 - 10 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
NOTE: If you connect the cables before configuring the trunk groups and then rebooting, the traffic on the
ports can create a spanning tree loop.
2. Configure the trunk group on one of the two Routing Switches involved in the configuration.
3. Save the configuration changes to the startup-config file.
4. Dynamically place the new trunk configuration into effect by entering the trunk deploy command at the
global CONFIG level of the CLI.
NOTE: If you are running a software release earlier than 07.5.04, you must reload the software to place a
trunk configuration change into effect.
5. If the device at the other end of the trunk group is another Routing Switch, repeat Steps 2 – 4 for the other
device.
6. When the trunk groups on both devices are operational, reconnect the cables to those ports that are now
configured as trunk groups, starting with the first port (lead port) of each trunk group.
7. To verify the link is operational, use the show trunk command.
Example 1: Configuring the Trunk Groups Shown in Figure 7.1
To configure the trunk groups shown in Figure 7.1, enter the following commands. Notice that the commands are
entered on multiple devices.
USING THE CLI
To configure the trunk group link between Router1 and Router2:
NOTE: The text shown in italics in the CLI example below shows messages echoed to the screen in answer to
the CLI commands entered.
NOTE: This example uses devices that are not running software release 07.5.004 or later. Devices running
software earlier than 07.5.004 must be reloaded in order to place trunk configuration changes into effect. On
devices running 07.5.004 or later, you can dynamically place trunk configuration changes into effect by entering
the trunk deploy command at the global CONFIG level of the CLI.
To configure the trunk group link between Router2 and the server:
Router2(config)# trunk server e 1/3 to 1/4
Trunk 0 is created for next power cycle.
Please save configuration to flash and reboot.
Router2(config)# write memory
Write startup-config in progress.
.Write startup-config done.
Router2(config)# exit
Router2# reload
June 2005 7 - 11
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: This panel lists port ranges only for the slots that contain an active module. In addition, only the
ranges that are valid for the module are listed.
The port ranges listed by the panel contain four ports, but the default number of ports in a group is two. If you
select a group and leave the number of ports in a group at two, the software assigns the first two ports in the
group you select to the trunk group. The last two ports do not become members of the trunk group.
4. Select a port range. For example, you can select 1/5 – 1/8.
5. Select the number of ports you want to use in the trunk group. You can select 2 or 4.
7 - 12 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
6. Click in the checkbox next to Server to place a checkmark in the box if the other end of the trunk group is a
server. If the other end of the connection is a ProCurve Routing Switch, do not click this checkbox.
7. Click Apply to save the changes to the device’s running-config file.
8. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
9. Click on the plus sign next to Command in the tree view to list the command options.
10. Select the Reload link and select Yes when the Web management interface asks you whether you really want
to reload the software.
11. 4If the other end of the trunk group is a Routing Switch, log in to the other device and follow the steps above.
Example 2: Configuring a Trunk Group That Spans Multiple Gigabit Ethernet Modules in a
Routing Switch
To configure a trunk group that spans two modules in a 9300 series Routing Switch, use one of the following
methods.
USING THE CLI
To configure a trunk group consisting of two groups of ports, 1/1 – 1/4 on module 1 and 4/5 – 4/8 on module 4,
enter the following commands:
ProCurveRS(config)# trunk ethernet 1/1 to 1/4 ethernet 4/5 to 4/8
ProCurveRS(config-trunk-1/1-4/8)# write memory
ProCurveRS(config-trunk-1/1-4/8)# exit
ProCurveRS(config)# trunk deploy
NOTE: The trunk deploy command dynamically places trunk configuration changes into effect, without a
software reload. This command is supported only in software release 07.5.04 and later. If you are running a
release earlier than 07.5.04, you must reload the software to place trunk configuration changes into effect.
CLI Syntax
Syntax: [no] trunk [server | switch] ethernet <primary-portnum> to <portnum>
ethernet <primary-portnum> to <portnum>
Syntax: trunk deploy
The server | switch parameter specifies whether the trunk ports will be connected to a server or to another
Routing Switch. This parameter affects the type of load balancing performed by the HP device. See “Trunk
Group Load Sharing” on page 7-8. The default is switch.
Each ethernet parameter introduces a port group.
The <primary-portnum> to <portnum> parameters specify a port group. Notice that each port group must begin
with a primary port. After you enter this command, the primary port of the first port group specified (which must be
the group with the lower port numbers) becomes the primary port for the entire trunk group. For Gigabit Ethernet
modules, the primary ports are 1, 3, 5, and 7.
To configure a trunk group consisting of two groups of two ports each, enter commands such as the following:
ProCurveRS(config)# trunk ethernet 1/1 to 1/2 ethernet 3/3 to 3/4
ProCurveRS(config)# write memory
ProCurveRS(config)# trunk deploy
Notice that the groups of ports meet the criteria for a multi-slot trunk group. Each group contains the same
number of ports (two) and begins on a primary port (1/1 and 3/3).
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Click on the plus sign next to Configure in the tree view to display the configuration options.
June 2005 7 - 13
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
4. Select a port range. For example, you can select 1/5 – 1/8.
5. Select 2 or 4 to indicate the number of ports in each group. Each group must have the same number of ports.
6. Select the port groups. Each group begins with the primary port number for that group. To select two groups,
click on the first group, then hold down the CTRL key and click on the second group. Do not select more than
two groups.
7. Select Server if you are connecting the trunk group ports to a server. Otherwise, the software assumes you
are connecting the trunk group ports to another Routing Switch and uses the default value Switch.
8. Click Apply to save the changes to the device’s running-config file.
9. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
10. Click on the plus sign next to Command in the tree view to list the command options.
11. Select the Reload link and select Yes when the Web management interface asks you whether you really want
to reload the software.
12. If the other end of the trunk group is a Routing Switch, log in to the other device and follow the steps above.
NOTE: Hewlett-Packard recommends that you reload the software immediately after saving a trunk group
configuration to flash memory, before making further configuration changes.
7 - 14 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
NOTE: Two-port trunk groups are supported for 10 Gigabit Ethernet. You cannot specify more than two ports.
To display configuration information and load-sharing statistics for the trunk group, enter the show trunk
command. See “Displaying Trunk Group Configuration Information” on page 7-22.
NOTE: To monitor the traffic on a trunk port, see “Monitoring an Individual Trunk Port” on page 6-52.
June 2005 7 - 15
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
in the trunk group. You need to enter the config-trunk-ind command only once in a trunk group. After you enter
the command, all applicable port configuration commands apply to individual ports only.
NOTE: If you enter no config-trunk-ind, all port configuration commands are removed from the individual ports
and the configuration of the primary port is applied to all the ports. Also, once you enter the no config-trunk-ind
command, the enable, disable, and monitor commands are valid only on the primary port and apply to the entire
trunk group.
The disable command disables the port. The states of other ports in the trunk group are not affected.
If you have configured a name for the trunk port, you can specify the port name, as shown in the following
example:
ProCurveRS(config-trunk-4/1-4/4)# config-trunk-ind
ProCurveRS(config-trunk-4/1-4/4)# disable customer1
Syntax: disable <portname>
To enable an individual port in a trunk group, enter commands such as the following at the trunk group
configuration level:
ProCurveRS(config-trunk-4/1-4/4)# config-trunk-ind
ProCurveRS(config-trunk-4/1-4/4)# enable ethernet 4/2
Syntax: enable ethernet <portnum>
Syntax: enable <portname>
Disabling or Re-Enabling a Range or List of Trunk Ports
To disable a range of ports in a trunk group, enter commands such as the following:
ProCurveRS(config)# trunk switch ethernet 2/1 to 2/8
ProCurveRS(config-trunk-2/1-2/8)# config-trunk-ind
ProCurveRS(config-trunk-2/1-2/8)# disable ethernet 2/2 to 2/5
This command disables ports 2/2 – 2/5 in trunk group 2/1 – 2/8.
To disable a list of ports, enter a command such as the following:
ProCurveRS(config-trunk-2/1-2/8)# disable ethernet 2/2 ethernet 2/4 ethernet 2/7
This command disables ports 2/2, 2/4, and 2/7 in the trunk group.
You can specify a range and a list on the same command line. For example, to re-enable some trunk ports, enter
a command such as the following:
ProCurveRS(config-trunk-2/1-2/8)# enable ethernet 2/2 to 2/5 ethernet 2/7
Syntax: [no] disable ethernet <portnum> [to <portnum> | ethernet <portnum>]
Syntax: [no] enable ethernet <portnum> [to <portnum> | ethernet <portnum>]
The to <portnum> parameter indicates that you are specifying a range. Specify the lower port number in the
range first, then to, then the higher port number in the range.
The ethernet <portnum> parameter specifies an individual port. You can enter this parameter multiple times to
specify a list, as shown in the examples above.
Deleting a Trunk Group
To delete a trunk group, use either of the following methods.
USING THE CLI
To delete a trunk group, use “no” in front of the command you used to create the trunk group. For example, to
remove one of the trunk groups configured in the examples above, enter the following command:
ProCurveRS(config)# no trunk ethernet 1/1 to 1/2 ethernet 3/3 to 3/4
Syntax: no trunk ethernet <portnum> to <portnum>
7 - 16 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
NOTE: If the other end of the trunk group is a Routing Switch, log in to the other system and follow the
applicable steps above.
June 2005 7 - 17
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: The configuration commands in this section apply to incoming (trunk) ports only.
Starting in release 07.7.00, you can configure the ports on an HP device to load balance IP traffic based on
individual packets received on the interface. When you enable this feature, the device uses the IP packet headers
to load balance the traffic among all the ports in the trunk group.
You configure this feature at the Interface level of the CLI, and not globally (on the entire device). When you
configure this feature on the primary port of the trunk group, the software automatically applies it to the other ports
in the trunk group.
To enable this feature, enter commands such as the following:
ProCurveRS(config)# interface e 1/1
ProCurveRS(config-if-e10000-1/1)# serv-trunk-per-pkt-lb
When interface e 1 receives IP packets destined for a trunk port, it uses information in the IP packet header to
select the trunk port on which to forward the traffic.
Syntax: [no] serv-trunk-per-pkt-lb
Configuring the Maximum Number of Hash Buckets for Server Trunks
Server trunks use hash buckets to implement packet forwarding and load balancing. The hash buckets enable
forwarding of packets in hardware, as opposed to forwarding them in software (sending them to the CPU).
Packets forwarded in hardware travel faster in comparison to packets sent to the CPU for processing.
When the HP device learns that a specific packet has to go through an outgoing port, it places an entry in the hash
bucket. The entry defines the data path from the incoming port to the outgoing port. When the device receives
subsequent packets destined for the same path, it retrieves the entry in the hash bucket and forwards the packets
accordingly.
In releases prior to 07.7.00, the HP device allocates a fixed number of hash buckets for each server trunk. This
number is not configurable.
In software release 07.7.00, depending on the number of server trunks configured on the HP device, you can
specify the maximum number of hash buckets per server trunk, up to a maximum of 256. In addition, the total
number of hash buckets for all server trunks combined has increased. The 9315M supports a total of 1024 hash
buckets, and the 9304M and 9308M support a total of 8192 hash buckets.
Increasing the number of hash buckets per server trunk enhances the speed and efficiency at which the HP
device forwards and load balances IP packets on server trunk ports.
Table 7.4 shows the hash bucket configurations supported on the 9315M.
Maximum Number of Hash Number of Server Trunks Total Number of Hash Buckets
Buckets per Server Trunk for all Server Trunks Combined
32 15 480
64 15 960
128 8 1024
256 4 1024
7 - 18 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
Table 7.5 shows the hash bucket configurations supported on the 9304M and 9308M.
Maximum Number of Hash Number of Server Trunks Total Number of Hash Buckets
Buckets per Server Trunk for all Server Trunks Combined
16 32 512
32 32 1024
64 32 2048
128 32 4096
To configure the maximum number of hash buckets per server trunk, enter commands such as the following:
ProCurveRS(config)# system hash-per-server-trunk 64
ProCurveRS(config)# write mem
ProCurveRS(config)# end
ProCurveRS # reload
NOTE: You must reload the software to place this configuration in effect.
NOTE: This enhancement applies to server trunk groups only, not to switch trunk groups.
Without optimization, the device performs the following types of load balancing for IP traffic.
Layer 2
The load balancing occurs at Layer 2 if the traffic is being forwarded in hardware. IP traffic on a server trunk group
is load balanced as follows:
• On a Routing Switch:
• IP traffic received on a 10/100 port or Gigabit port is load balanced based on destination IP address.
Layer 3
If any of the following features are enabled on a port, load balancing occurs in software using the entries in the
session table. In this case, the IP traffic is load balanced based on source and destination IP address.
• ACLs
• Rate limiting (Fixed Rate Limiting or Adaptive Rate Limiting)
• NetFlow
• sFlow Export
June 2005 7 - 19
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: When you enable the server trunk load balancing optimization feature on a port, the feature listed above
are disabled on that port. This occurs because the features use the session table, but the optimization feature
uses a smaller session table than the other features. The configuration information for the other features is
retained in the device’s configuration file, but the features are disabled.
Figure 7.6 Server trunk load balancing based on source and destination IP addresses
When the port connected to the client network receives traffic that needs to be forwarded to the server, the HP
device selects one of the ports in the trunk group, and forwards the traffic on the selected port.
The HP device selects the trunk port based on a hash value, which can be a number from 1 – 256. The HP device
calculates a hash value for traffic that enters the device through the server trunk load balancing port and exits the
device through a trunk group. The hash value is calculated based on the source and destination IP addresses in
the traffic.
7 - 20 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
After the HP device calculates the hash value for the traffic, the device examines the trunk ports connected to the
destination address and selects the port with the fewest hash values already assigned. After calculating a hash
value and assigning the value to a port, the device always uses the same port to forward traffic for the same
source and destination IP addresses.
For example, the first time the HP device receives traffic from 10.10.10.7 addressed to 20.20.20.88, the device
calculates the hash value 2 for the traffic. The device then checks the trunk ports to see whether a port is
assigned to hash value 2.
• If a trunk port is assigned to hash value 2, the device uses that port to forward the traffic.
• Otherwise, the device assigns hash value 2 to the trunk port with the fewest hash values already assigned to
it. The device continues to use this port for traffic with hash value 2, until a state change occurs on a trunk
port or a trunk port is added or removed.
Trunk ports keep the hash values that are assigned to them until a trunk port’s state changes or a trunk port is
added or removed. When any of these changes occurs, the HP device clears the hash values from all of the trunk
ports and begins calculating and assigning hash values again for new traffic.
Configuration Considerations
• You can enable the server trunk load balancing optimization feature on an individual port basis only. You
cannot enable the feature on a virtual routing interface basis. This is true even if you have assigned a virtual
routing interface to the trunk ports.
• Each TSP CPU has a separate hash bucket for the ports managed by the CPU. The buckets are
independent of one another. Thus, if you enable the feature on more than one port and the ports are not
managed by the same CPU, it is possible for the same hash values to be assigned to more than one trunk
port, because the values are assigned separately by each CPU.
• When you enable the server trunk load balancing optimization feature on a port, the following features are
disabled on the port:
• ACLs
• Rate limiting (Fixed Rate Limiting or Adaptive Rate Limiting)
• NetFlow
• sFlow Export
• Network Address Translation (NAT)
• Policy-Based Routing (PBR)
The features are disabled because the server trunk load balancing optimization feature uses a simpler
session table whose forwarding entries are keyed by source and destination IP addresses only. The features
listed above require use of the standard session table, which also includes keys for the IP protocol and the
source and destination TCP or UDP application ports (when the IP protocol is TCP or UDP).
The configuration information for these features remains in the device’s configuration file but the features are
disabled on the port.
Enabling Server Trunk Load Balancing Optimization (T-Flow ModuleOnly)
To enable server trunk load balancing optimization, you enable the feature on the ports that will receive the traffic
that needs to be load balanced. To enable the optimization feature on a port, enter the following command at the
configuration level for the port:
ProCurveRS(config-if-e1000-1/4)# stlb
Syntax: [no] stlb
Displaying Server Trunk Load Balancing Information
To display the current hash assignments for server trunk ports, log on to the TSP CPU that is managing the ports,
then enter the show trunk command. Here is an example.
June 2005 7 - 21
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
ProCurveRS# rconsole 2 1
ProCurveRS2/1 # show trunk
ProCurveRS2/1 #Number of trunk groups: 1
Note: Value in () is for server trunk hashing.
Trunk The trunk group number. The software numbers the groups in the
display to make the display easy to use.
Type The type of trunk group, which can be one of the following:
• Server – The trunk group is connected to a server.
• Switch – The trunk group is connected to another Routing Switch.
7 - 22 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
Duplex The mode of the port, which can be one of the following:
• None – The link on the primary trunk port is down.
• Full – The primary port is running in full-duplex.
• Half – The primary port is running in half-duplex.
Note: This field and the following fields apply only to operational trunk
groups.
Speed The speed set for the port. The value can be one of the following:
• None – The link on the primary trunk port is down.
• 10 – The port speed is 10 Mbps.
• 100 – The port speed is 100 Mbps.
• IG – The port speed is 1000 Mbps.
Tag Indicates whether the ports have 802.1q VLAN tagging. The value
can be Yes or No.
Priority Indicates the Quality of Service (QoS) priority of the ports. The priority
can be a value from 0 – 7.
June 2005 7 - 23
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
To display trunk group information for specific ports, enter a command such as the following:
Configured trunks:
Trunk ID: 1
Type: Switch
Ports_Configured: 8
Primary Port Monitored: Jointly
Operational trunks:
Trunk ID: 1
Type: Switch
Duplex: Full
Speed: 1G
Tag: No
Priority: level0
Active Ports: 6
The display is divided into sections for configured trunks and operational trunks. A configured trunk group is one
that has not been activated yet.
Table 7.7 describes the information displayed by the show trunk command.
Trunk ID The trunk group number. The software numbers the groups in the
display to make the display easy to use.
Type The type of trunk group, which can be one of the following:
• Server – The trunk group is connected to a server.
• Switch – The trunk group is connected to another Routing Switch.
7 - 24 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
Duplex The mode of the port, which can be one of the following:
• None – The link on the primary trunk port is down.
• Full – The primary port is running in full-duplex.
• Half – The primary port is running in half-duplex.
Note: This field and the following fields apply only to operational trunk
groups.
Speed The speed set for the port. The value can be one of the following:
• None – The link on the primary trunk port is down.
• 10 – The port speed is 10 Mbps.
• 100 – The port speed is 100 Mbps.
• IG – The port speed is 1000 Mbps.
Tag Indicates whether the ports have 802.1q VLAN tagging. The value
can be Yes or No.
Priority Indicates the Quality of Service (QoS) priority of the ports. The priority
can be a value from 0 – 7.
Active Ports The number of ports in the trunk group that are currently active.
LACP_Status This field appears in software releases 07.6.04 and later. For more
information about this feature, see the section “Displaying and
Determining the Status of Aggregate Links” on page 7-37.
• Ready - The port is functioning normally in the trunk group and is
able to transmit and receive LACP packets.
• Expired - The time has expired (as determined by timeout values)
and the port has shut down because the port on the other side of
the link has stopped transmitting packets.
• Down - The port’s physical link is down.
Load Sharing The number of traffic flows currently being load balanced on the trunk
ports. All traffic exchanged within the flow is forwarded on the same
trunk port. For information about trunk load sharing, see “Trunk
Group Load Sharing” on page 7-8.
June 2005 7 - 25
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Connection Type The type of trunk group, which can be one of the following:
• Server – The trunk group is connected to a server.
• Switch – The trunk group is connected to another Routing Switch.
7 - 26 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
Usage Notes
• You cannot use 802.3ad link aggregation on a port configured as a member of a static trunk group.
• This feature is supported only for 10/100 and Gigabit Ethernet ports.
• When the feature dynamically adds or changes a trunk group, the show trunk command displays the trunk
as both configured and active. However, the show running-config or write terminal command does not
contain a trunk command defining the new or changed trunk group.
• If the feature places a port into a trunk group as a secondary port, all configuration information except
information related to link aggregation is removed from the port. For example, if port 1/3 has an IP interface,
and the link aggregation feature places port 1/3 into a trunk group consisting of ports 1/1 – 1/4, the IP
interface is removed from the port.
• If you use this feature on a Routing Switch that is running OSPF or BGP4, the feature causes these protocols
to reset when a dynamic link change occurs. The reset includes ending and restarting neighbor sessions with
OSPF and BGP4 peers, and clearing and relearning dynamic route entries and forwarding cache entries.
Although the reset causes a brief interruption, the protocols automatically resume normal operation.
• You can enable link aggregation on 802.1q tagged ports (ports that belong to more than one port-based
VLAN) in software release 07.7.00 and later.
• Dynamic Operation of Allocation Keys (section 43.6.2 in the 802.3ad specification) is supported in release
07.7.00 and later.
Configuration Rules
HP ports follow the same configuration rules for dynamically created aggregate links as they do for statically
configured trunk groups. See “Trunk Group Rules” on page 7-3 and “Trunk Group Load Sharing” on page 7-8.
Figure 7.7 on page 7-28 shows some examples of valid aggregate links.
June 2005 7 - 27
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Port 1/1
Port 1/2
Port 1/3
Port 1/4
Port 1/5
Port 1/6
Port 1/7
Port 1/8
Port 1/1
Port 1/2
Port 1/3
Port 1/4
Port 1/5
Port 1/6
Port 1/7
Port 1/8
Port 1/1
Port 1/2
Port 1/3
Port 1/4
Port 1/5
Port 1/6
Port 1/7
Port 1/8
In this example, assume that link aggregation is enabled on all of the links between the HP device on the left and
the device on the right (which can be either an HP device or another vendor’s device). Notice that some ports are
not able to join an aggregate link even though link aggregation is enabled on them. The ports that are not
members of aggregate links in this example are not following the configuration rules for trunk links on HP devices.
The HP rules apply to an HP device even if the device at the other end is from another vendor and uses different
rules. See “Trunk Group Rules” on page 7-3.
The link aggregation feature automates trunk configuration but can coexist with HP’s trunk group feature. Link
aggregation parameters do not interfere with trunk group parameters.
7 - 28 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
NOTE: Use the link aggregation feature only if the device at the other end of the links you want to aggregate also
supports IEEE 802.3ad link aggregation. Otherwise, you need to manually configure the trunk links.
Link aggregation support is disabled by default. You can enable the feature on an individual port basis, in active
or passive mode.
• Active mode – When you enable a port for active link aggregation, the HP port can exchange standard LACP
Protocol Data Unit (LACPDU) messages to negotiate trunk group configuration with the port on the other side
of the link. In addition, the HP port actively sends LACPDU messages on the link to search for a link
aggregation partner at the other end of the link, and can initiate an LACPDU exchange to negotiate link
aggregation parameters with an appropriately configured remote port.
• Passive mode – When you enable a port for passive link aggregation, the HP port can exchange LACPDU
messages with the port at the remote end of the link, but the HP port cannot search for a link aggregation port
or initiate negotiation of an aggregate link. Thus, the port at the remote end of the link must initiate the
LACPDU exchange.
NOTE: HP recommends that you disable or remove the cables from the ports you plan to enable for dynamic link
aggregation. Doing so prevents the possibility that LACP will use a partial configuration to talk to the other side of
a link. A partial configuration does not cause errors, but does sometimes require LACP to be disabled and re-
enabled on both sides of the link to ensure that a full configuration is used. It's easier to disable a port or remove
its cable first. This applies both for active link aggregation and passive link aggregation.
June 2005 7 - 29
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Port 1/3
X
Port 1/4
X
7 - 30 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
Figure 7.9 shows an example of 2-port groups in a range of eight ports on which link aggregation is enabled.
Based on the states of the ports, some or all of them will be eligible to be used in an aggregate link.
Port 1/1
Group 1
Port 1/2
Port 1/3
Group 2
Port 1/4
Port 1/5
Group 3
Port 1/6
Port 1/7
Group 4
Port 1/8
Table 7.9 shows examples of the ports from Figure 7.9 that will be eligible for an aggregate link based on
individual port states.
Link Up Up Up Up Up Up Up Up 8-port
State 1/1 – 1/8
Up Up Up Up Up Down Up Up 8-port
1/1 – 1/8
June 2005 7 - 31
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
As shown in these examples, all or a subset of the ports within a port range will be eligible for formation into an
aggregate link based on port states. Notice that the sets of ports that are eligible for the aggregate link must be
valid static trunk configurations. For example, a 4-port link consisting of ports 1/4 – 1/7 is not valid because this
port configuration is not valid for static trunk groups on the HP device.
NOTE: Configuration commands for link aggregation differ depending on whether you are using the default link
aggregation key automatically assigned by the software, or if you are assigning a different, unique key. Follow the
commands below, according to the type of key you are using. For more information about keys, see “Key” on
page 7-33.
NOTE: As shown in this example, when configuring a key, it is pertinent that you assign the key prior to enabling
link aggregation.
The following commands enable passive link aggregation on ports 1/5 – 1/8:
ProCurveRS(config)# interface ethernet 1/5 to 1/8
ProCurveRS(config-mif-1/5-1/8)# link-aggregate passive
The commands in this example enable the passive mode of link aggregation on ports 1/5 – 1/8. These ports wait
for the other end of the link to contact them. After this occurs, the ports can send and receive LACPDU
messages.
To disable link aggregation on a port, enter a command such as the following:
ProCurveRS(config-if-e1000-1/8)# link-aggregate off
Syntax: [no] link-aggregate active | passive | off
Syntax: [no] link-aggregate configure [system-priority <num>] | [port-priority <num>] | [key <num>] |
[type server | switch]
7 - 32 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
NOTE: For more information about keys, including details about the syntax shown above, see “Key” on page 7-
33.
NOTE: If you are connecting the HP device to another vendor’s device and the link aggregation feature is not
working, set the system priority on the HP device to a lower priority (a higher priority value). In some cases, this
change allows the link aggregation feature to operate successfully between the two devices.
Link Type
The link type specifies whether the trunk is connecting to a server (server link) or to another networking device
(switch link). The default link type is switch.
Key
Every port that is 802.3ad-enabled has a key. The key identifies the group of potential trunk ports to which the
port belongs. Ports with the same key are called a key group and are eligible to be in the same trunk group.
When you enable link-aggregation on a tagged or untagged port, HP’s software assigns a default key to the port.
The default key is based on the position of the port within an eight-port group (the maximum number of ports in a
trunk group on a Routing Switch). The software assigns the keys in ascending numerical order, beginning with
key 0 for the first group of eight ports. For example, a 24-port module in chassis slot 1 contains keys 0, 1, and 2
by default. Ports 1/1 – 1/8 have key 0, ports 1/9 – 1/16 have key 1, and so on.
All ports within an aggregate link must have the same key. However, if the device has ports that are connected to
two different devices, and the port groups allow the ports to form into separate aggregate links with the two
devices, then each group of ports can have the same key while belonging to separate aggregate links with
different devices. Figure 7.10 on page 7-34 shows an example.
June 2005 7 - 33
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Figure 7.10 Ports with the same key in different aggregate links
Port 1/1
Port 1/2
System ID: dddd.eeee.ffff
Port 1/3
All these ports have Ports 1/5 - 1/8: Key 4
the same key, but are Port 1/4
in two separate
aggregate links with
Port 1/5
two other devices.
Port 1/6
Port 1/7
Port 1/8
Notice that the keys between one device and another do not need to match. The only requirement for key
matching is that all the ports within an aggregate link on a given device must have the same key.
Devices that support multi-slot trunk groups can form multi-slot aggregate links using link aggregation. However,
the link aggregation keys for the groups of ports on each module must match. For example, if you want to allow
link aggregation to form an aggregate link containing ports 1/1 – 1/4 and 3/5 – 3/8, you must change the link
aggregation key on one or both groups of ports so that the key is the same on all eight ports. Figure 7.11 on
page 7-35 shows an example.
7 - 34 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
Port 1/1
All ports in a multi-slot
aggregate link have Port 1/2
the same key.
Port 1/3
Port 1/4
Port 3/5
Port 3/6
Port 3/7
Port 3/8
By default, the device’s ports are divided into 4-port groups. The software dynamically assigns a unique key to
each 4-port group. If you need to divide a 4-port group into two 2-port groups, change the key in one of the groups
so that the two 2-port groups have different keys. For example, if you plan to use ports 1/1 and 1/2 in VLAN 1, and
ports 1/3 and 1/4 in VLAN 2, change the key for ports 1/3 and 1/4.
NOTE: If you change the key for a port group, HP recommends that you use the value 10000 or higher, to avoid
potential conflicts with dynamically created keys.
NOTE: For multi-slot trunk groups, you must manually configure the keys in the trunk group(s) to match. For
instructions on configuring keys manually, see “Configuring Keys For Ports with Link Aggregation Enabled” on
page 7-37.
How Changing a Port’s VLAN Membership Affects Trunk Groups and Dynamic Keys
When you change a port’s VLAN membership, and the port is currently a member of a trunk group, the following
changes occur:
• The HP device tears down the existing trunk group.
• All ports in the trunk group get a new key.
• The new key group aggregates into a new trunk group.
When you change a port’s VLAN membership, and the port is not a member of a trunk group, the following
changes occur:
• The port gets a new key depending on changes to the port’s VLAN tag type, as follows:
• Tagged to Tagged VLAN – The primary port of the trunk group gets a new key.
June 2005 7 - 35
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• Tagged to Untagged VLAN –The port gets the default key for untagged ports.
• Untagged to Tagged VLAN – If the HP device finds a port with matching port properties, the port gets that
port’s key. If it doesn’t find one, the port gets a new key.
• Untagged to Untagged VLAN – The port gets a new key depending on whether it’s in the default VLAN or
not. If there is a trunk group associated with the key, it is not affected.
• All other ports keep their existing key.
• The new key groups try to aggregate into trunk groups.
Viewing Keys for Tagged Ports
To display link aggregation information, including the key for a specific port, enter a command such as the
following at any level of the CLI:
The command in this example shows the key and other link aggregation information for port 1/1.
To display link aggregation information, including the key for all ports on which link aggregation is enabled, enter
the following command at any level of the CLI:
ProCurveRS# sh link-agg
System ID: 0004.8055.b200
Long timeout: 90, default: 90
Short timeout: 3, default: 3
Port [Sys P] [Port P] [ Key ] [Act][Tio][Agg][Syn][Col][Dis][Def][Exp][Ope]
1/1 1 1 10000 Yes S Agg Syn Col Dis Def No Dwn
1/2 1 1 10000 Yes S Agg Syn Col Dis Def No Dwn
2/1 1 1 10000 Yes S Agg Syn Col Dis Def No Dwn
2/2 1 1 10000 Yes S Agg Syn Col Dis Def No Dwn
4/1 1 1 480 Yes S Agg Syn Col Dis Def No Dwn
4/2 1 1 480 Yes S Agg Syn Col Dis Def No Dwn
4/3 1 1 480 Yes S Agg Syn Col Dis Def No Dwn
4/4 1 1 480 Yes S Agg Syn Col Dis Def No Dwn
4/17 1 1 481 Yes S Agg Syn Col Dis Def No Ope
4/18 1 1 481 Yes S Agg Syn Col Dis Def No Ope
4/19 1 1 481 Yes S Agg Syn Col Dis Def No Ope
4/20 1 1 481 Yes S Agg Syn Col Dis Def No Ope
For information about the fields in this display, see Table 7.10 on page 7-39.
Syntax: show link-aggregation [ethernet <portnum>]
Possible values: N/A
Default value: N/A
Configuring Link Aggregation Parameters
You can configure one or more parameters on the same command line, and you can enter the parameters in any
order.
7 - 36 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
NOTE: For key configuration only, configuration commands differ depending on whether or not link aggregation
is enabled on the port(s). Follow the appropriate set of commands below, according to your system’s
configuration.
For example, to change a port group’s key from the one assigned by the software to another value, enter
commands such as the following:
NOTE: Use this command sequence to change the key for ports that do not have link aggregation enabled, and
for all other link aggregation parameters (i.e., system priority, port priority, and link type).
NOTE: As shown in this command sequence, to change the key on ports that already have link aggregation
enabled, you must first turn OFF link aggregation, configure the new key, then re-enable link aggregation.
NOTE: If you change the key for a port group, HP recommends that you use the value 10000 or higher, to avoid
potential conflicts with dynamically created keys.
The type server | switch parameter specifies whether the port group is connected to a server (server) or to
another networking device (switch). The default is switch.
You can enter one or more of the command’s parameters on the same command line, in any order.
June 2005 7 - 37
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
The following section provides details about the events that can affect the status of ports in an aggregate link and
the status of LACP messages exchanged between the ports. Later sections provide instructions for viewing these
status reports.
About Blocked Ports
HP devices can block traffic on a port or shut down a port that is part of a trunk group or aggregate link for the
following reasons:
• For the purpose of link aggregation, the ports on HP devices are grouped into pairs of two; one odd-
numbered port, and the next even-numbered port. When you configure link aggregation on a port (for
instance, on an odd-numbered port), this port will be blocked and unable to join a trunk group until you
configure the adjacent port (the even-numbered port) as part of the aggregate link. When you configure both
ports with link aggregation and assign both ports the same key, both ports are able to join a trunk group.
Once the ports become part of a trunk group, they can transmit and receive LACP packets.
NOTE: Ports that are configured as part of an aggregate link must also have the same key. For more
information about assigning keys, see the section titled “Configuring Link Aggregation Parameters” in the
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches.
• When a port joins a trunk group and the port on the other end of the link shuts down or stops transmitting
LACP packets, the HP device blocks the port. Depending on the timeout value set on the port, the link
aggregation information expires.
NOTE: For more information about timeout values, see the section titled “Displaying Link Aggregation
Information” in the Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches.
If either of these events occur, the HP device shuts down the port and notifies all the upper layer protocols that the
port is down.
HP devices can also block traffic on a port that is initially configured with link aggregation. The port is blocked until
it joins a trunk group. In this case, traffic is blocked, but the port is still operational.
A port remains blocked until one of the following events occur:
• Link aggregation is enabled on the adjacent port (the paired port) and both ports have the same key
• LACP brings the port back up
• The port joins a trunk group
Displaying Link Aggregation and Port Status Information
Use the show link-aggregation command to determine the operational status of ports associated with aggregate
links.
To display the link aggregation information for a specific port, enter a command such as the following at any level
of the CLI:
The command in this example shows the link aggregation information for port 1/1.
NOTE: The Ope column displays in software releases 07.6.04 and later.
7 - 38 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
To display the link aggregation information for all ports on which link aggregation is enabled, enter the following
command at any level of the CLI:
NOTE: The Ope column displays in software releases 07.6.04 and later.
NOTE: Ports that are configured as part of an aggregate link must also have the same key. For more
information about assigning keys, see the section titled “Configuring Link Aggregation Parameters” in the
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches.
System ID Lists the base MAC address of the device. This is also the MAC
address of port 1 (or 1/1).
Act Indicates the link aggregation mode, which can be one of the
following:
• No – The mode is passive or link aggregation is disabled (off) on
the port.
June 2005 7 - 39
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Tio Indicates the timeout value of the port. The timeout value can be one
of the following:
• L – Long. The trunk group has already been formed and the port
is therefore using a longer message timeout for the LACPDU
messages exchanged with the remote port. Typically, these
messages are used as confirmation of the health of the
aggregate link.
• S – Short. The port has just started the LACPDU message
exchange process with the port at the other end of the link. The S
timeout value also can mean that the link aggregation information
received from the remote port has expired and the ports are
starting a new information exchange.
Agg Indicates the link aggregation state of the port. The state can be one
of the following:
• Agg – Link aggregation is enabled on the port.
• No – Link aggregation is disabled on the port.
Syn Indicates the synchronization state of the port. The state can be one
of the following:
• No – The port is out of sync with the remote port. The port does
not understand the status of the LACPDU process and is not
prepared to enter a trunk link.
• Syn – The port is in sync with the remote port. The port
understands the status of the LACPDU message exchange
process, and therefore knows the trunk group to which it belongs,
the link aggregation state of the remote port, and so on.
Col Indicates the collection state of the port, which determines whether
the port is ready to send traffic over the trunk link.
• Col – The port is ready to send traffic over the trunk link.
• No – The port is not ready to send traffic over the trunk link.
Dis Indicates the distribution state of the port, which determines whether
the port is ready to receive traffic over the trunk link.
• Dis – The port is ready to receive traffic over the trunk link.
• No – The port is not ready to receive traffic over the trunk link.
Def Indicates whether the port is using default link aggregation values.
The port uses default values if it has not received link aggregation
information through LACP from the port at the remote end of the link.
This field can have one of the following values:
• Def – The port has not received link aggregation values from the
port at the other end of the link and is therefore using its default
link aggregation LACP settings.
• No – The port has received link aggregation information from the
port at the other end of the link and is using the settings
negotiated with that port.
7 - 40 June 2005
Configuring Trunk Groups and Dynamic Link Aggregation
NOTE: The software automatically updates the link aggregation configuration based on LACPDU messages.
However, clearing the link aggregation information can be useful if you are troubleshooting a configuration.
To clear the link aggregation information, use the following CLI method.
USING THE CLI
To clear the link aggregation information, enter the following command at the Privileged EXEC level of the CLI:
ProCurveRS# clear link-aggregate
Syntax: clear link-aggregate
June 2005 7 - 41
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
7 - 42 June 2005
Chapter 8
Configuring Spanning Tree Protocol (STP)
and Advanced STP Features
The Spanning Tree Protocol (STP) eliminates Layer 2 loops in networks, by selectively blocking some ports and
allowing other ports to forward traffic, based on global (bridge) and local (port) parameters you can configure.
This chapter describes how to configure Spanning Tree Protocol (STP) parameters on HP ProCurve Routing
Switches.
This chapter also describes advanced Layer 2 features that enable you to overcome limitations in the standard
802.1d Spanning Tree Protocol (STP). These are the advanced features:
• Fast Port Span
• Fast Uplink Span
• Single-instance STP
• SuperSpan
• STP per VLAN group
• Per VLAN Spanning Tree (PVST) and PVST+ Compatibility
Configuration procedures are provided for the standard STP bridge and port parameters as well as advanced STP
parameters.
• To configure standard STP parameters, see “Configuring Standard STP Parameters”.
• To configure advanced parameters, see “Configuring Advanced STP Features” on page 8-19.
Table 8.2 lists the default STP bridge parameters. The bridge parameters affect the entire spanning tree. If you
are using MSTP, the parameters affect the VLAN. If you are using SSTP, the parameters affect all VLANs that
are members of the single spanning tree.
Forward Delay The period of time a bridge will wait (the listen and learn 15 seconds
period) before beginning to forward data packets.
Possible values: 4 – 30
seconds
Maximum Age The interval a bridge will wait for a hello packet from the 20 seconds
root bridge before initiating a topology change.
Possible values: 6 – 40
seconds
Hello Time The interval of time between each configuration BPDU 2 seconds
sent by the root bridge.
Possible values: 1 – 10
seconds
NOTE: If you plan to change STP bridge timers, HP recommends that you stay within the following ranges, from
section 8.10.2 of the IEEE STP specification.
Table 8.3 lists the default STP port parameters. The port parameters affect individual ports and are separately
configurable on each port.
Priority The preference that STP gives this port relative to other 128
ports for forwarding traffic out of the spanning tree.
Possible values: 8 – 252
A higher numerical value means a lower priority; thus,
(configurable in increments
the highest priority is 8.
of 4)
Path Cost The cost of using the port to reach the root bridge. When 10 Mbps – 100
selecting among multiple links to the root bridge, STP
100 Mbps – 19
chooses the link with the lowest path cost and blocks the
other paths. Each port type has its own default STP path Gigabit – 4
cost.
10 Gigabit – 2
Possible values are 0 – 65535
NOTE: When you configure a VLAN, the VLAN inherits the global STP settings. However, once you begin to
define a VLAN, you can no longer configure standard STP parameters globally using the CLI. From that point on,
you can configure STP only within individual VLANs.
NOTE: For information about the Single and Fast checkboxes, see “Single Spanning Tree (SSTP)” on
page 8-62 and “Fast Uplink Span” on page 8-21.
NOTE: If you change the STP state of the primary port in a trunk group, the change affects all ports in the trunk
group.
NOTE: If you plan to change STP bridge timers, HP recommends that you stay within the following ranges, from
section 8.10.2 of the IEEE STP specification.
NOTE: You can configure an HP device for faster convergence (including a shorter forward delay) using Fast
Span or Fast Uplink Span. See “Configuring Advanced STP Features” on page 8-19.
The hello-time <value> parameter specifies the hello time and can be a value from 1 – 10 seconds. The default
is 2 seconds.
NOTE: This parameter applies only when this device or VLAN is the root bridge for its spanning tree.
The maximum-age <value> parameter specifies the amount of time the device waits for receipt of a hello packet
before initiating a topology change. You can specify from 6 – 40 seconds. The default is 20 seconds.
The priority <value> parameter specifies the priority and can be a value from 0 – 65535. A higher numerical
value means a lower priority. Thus, the highest priority is 0. The default is 32768.
You can specify some or all of these parameters on the same command line. If you specify more than one
parameter, you must specify them in the order shown above, from left to right.
USING THE WEB MANAGEMENT INTERFACE
To modify the STP parameters:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Click on the plus sign next to Configure in the tree view to display the configuration options.
3. Select the STP link to display the STP bridge and port parameters.
4. Click the Modify button in the STP bridge parameters table to display the STP configuration panel, as shown
in the following example. If the device has multiple port-based VLANs, select the Modify button next to the
VLAN on which you want to change the parameters. A dialog such as the following is displayed.
value that is not divisible by four the software rounds to the nearest value that is. The default is 128. A higher
numerical value means a lower priority; thus, the highest priority is 8.
NOTE: The range in software releases earlier than 07.5.04 is 0 – 255. If you are upgrading a device that has a
configuration saved under an earlier software release, and the configuration contains a value from 0 – 7 for a
port’s STP priority, the software changes the priority to the default when you save the configuration while running
the new release.
The disable | enable parameter disables or re-enables STP on the port. The STP state change affects only this
VLAN. The port’s STP state in other VLANs is not changed.
USING THE WEB MANAGEMENT INTERFACE
To modify the STP port parameters:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Click on the plus sign next to Configure in the tree view to display the configuration options.
3. Select the STP link to display the STP bridge and port parameters.
4. Click the Modify button in the STP port parameters table to display the STP configuration panel, as shown in
the following example. If the device has multiple port-based VLANs, select the Modify button next to the
VLAN on which you want to change the parameters. A dialog such as the following is displayed.
5. Select the port (and slot if applicable) from the Port and Slot pulldown lists.
6. Enter the desired changes to the priority and path cost fields.
7. Click Apply STP Port to apply the changes to only the selected port or select Apply To All Ports to apply the
changes to all the ports.
NOTE: If you want to save the priority and path costs of one port to all other ports on the device or within the
selected VLAN, you can click the Apply To All Ports button.
8. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
VLAN Root Root Root Prio Max He- Ho- Fwd Last Chg Bridge
ID ID Cost Port rity Age llo ld dly Chang cnt Address
Hex sec sec sec sec sec
1 800000e0804d4a00 0 Root 8000 20 2 1 15 689 1 00e0804d4a00
The detail parameter and its additional optional parameters display detailed information for individual ports. See
“Displaying Detailed STP Information for Each Interface” on page 8-14.
The show span command shows the following information.
VLAN ID The port-based VLAN that contains this spanning tree (instance of
STP). VLAN 1 is the default VLAN. If you have not configured port-
based VLANs on this device, all STP information is for VLAN 1.
Root ID The ID assigned by STP to the root bridge for this spanning tree.
Root Cost The cumulative cost from this bridge to the root bridge. If this device
is the root bridge, then the root cost is 0.
Root Port The port on this device that connects to the root bridge. If this device
is the root bridge, then the value is “Root” instead of a port number.
Priority Hex This device or VLAN’s STP priority. The value is shown in
hexadecimal format.
Note: If you configure this value, specify it in decimal format. See
“Changing STP Bridge Parameters” on page 8-4.
Max age sec The number of seconds this device or VLAN waits for a hello message
from the root bridge before deciding the root has become unavailable
and performing a reconvergence.
Hello sec The interval between each configuration BPDU sent by the root
bridge.
Hold sec The minimum number of seconds that must elapse between
transmissions of consecutive Configuration BPDUs on a port.
Fwd dly sec The number of seconds this device or VLAN waits following a topology
change and consequent reconvergence.
Last Chang sec The number of seconds since the last time a topology change
occurred.
Chg cnt The number of times the topology has changed since this device was
reloaded.
State The port’s STP state. The state can be one of the following:
• BLOCKING – STP has blocked Layer 2 traffic on this port to
prevent a loop. The device or VLAN can reach the root bridge
using another port, whose state is FORWARDING. When a port
is in this state, the port does not transmit or receive user frames,
but the port does continue to receive STP BPDUs.
• DISABLED – The port is not participating in STP. This can occur
when the port is disconnected or STP is disabled on the port.
• FORWARDING – STP is allowing the port to send and receive
frames.
• LISTENING – STP is responding to a topology change and this
port is listening for a BPDU from neighboring bridge(s) in order to
determine the new topology. No user frames are transmitted or
received during this state.
• LEARNING – The port has passed through the LISTENING state
and will change to the BLOCKING or FORWARDING state,
depending on the results of STP’s reconvergence. The port does
not transmit or receive user frames during this state. However,
the device can learn the MAC addresses of frames that the port
receives during this state and make corresponding entries in the
MAC table.
Fwd Trans The number of times STP has changed the state of this port between
BLOCKING and FORWARDING.
Design Cost The cost to the root bridge as advertised by the designated bridge that
is connected to this port. If the designated bridge is the root bridge
itself, then the cost is 0. The identity of the designated bridge is
shown in the Design Bridge field.
Design Root The root bridge as recognized on this port. The value is the same as
the root bridge ID listed in the Root ID field.
Design Bridge The designated bridge to which this port is connected. The
designated bridge is the device that connects the network segment on
the port to the root bridge.
8 - 10 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
VLAN ID The port-based VLAN that contains this spanning tree (instance of
STP). VLAN 1 is the default VLAN. If you have not configured port-
based VLANs on this device, all STP information is for VLAN 1.
Root ID The ID assigned by STP to the root bridge for this spanning tree.
Root Cost The cumulative cost from this bridge to the root bridge. If this device
is the root bridge, then the root cost is 0.
Root Port The port on this device that connects to the root bridge. If this device
is the root bridge, then the value is “Root” instead of a port number.
Max Age The number of seconds this device or VLAN waits for a hello message
from the root bridge before deciding the root has become unavailable
and performing a reconvergence.
Hello Time The interval between each configuration BPDU sent by the root
bridge.
Hold Time The minimum number of seconds that must elapse between
transmissions of consecutive Configuration BPDUs on a port.
Forward Delay The number of seconds this device or VLAN waits following a topology
change and consequent reconvergence.
Topology Last Change The number of seconds since the last time a topology change
occurred.
Topology Change Counter The number of times the topology has changed since this device was
reloaded.
June 2005 8 - 11
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
State The port’s STP state. The state can be one of the following:
• BLOCKING – STP has blocked Layer 2 traffic on this port to
prevent a loop. The device or VLAN can reach the root bridge
using another port, whose state is FORWARDING. When a port
is in this state, the port does not transmit or receive user frames,
but the port does continue to receive STP BPDUs.
• DISABLED – The port is not participating in STP. This can occur
when the port is disconnected or STP is disabled on the port.
• FORWARDING – STP is allowing the port to send and receive
frames.
• LISTENING – STP is responding to a topology change and this
port is listening for a BPDU from neighboring bridge(s) in order to
determine the new topology. No user frames are transmitted or
received during this state.
• LEARNING – The port has passed through the LISTENING state
and will change to the BLOCKING or FORWARDING state,
depending on the results of STP’s reconvergence. The port does
not transmit or receive user frames during this state. However,
the device can learn the MAC addresses of frames that the port
receives during this state and make corresponding entries in the
MAC table.
Transition The number of times STP has changed the state of this port between
BLOCKING and FORWARDING.
Cost The cost to the root bridge as advertised by the designated bridge that
is connected to this port. If the designated bridge is the root bridge
itself, then the cost is 0. The identity of the designated bridge is
shown in the Design Bridge field.
Root The root bridge as recognized on this port. The value is the same as
the root bridge ID listed in the Root ID field.
8 - 12 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
If the software has been running less than 15 minutes (the maximum interval for utilization statistics), the
command indicates how long the software has been running. Here is an example:
To display utilization statistics for a specific number of seconds, enter a command such as the following:
When you specify how many seconds’ worth of statistics you want to display, the software selects the sample that
most closely matches the number of seconds you specified. In this example, statistics are requested for the
previous two seconds. The closest sample available is actually for the previous 1 second plus 80 milliseconds.
Syntax: show process cpu [<num>]
The <num> parameter specifies the number of seconds and can be from 1 – 900. If you use this parameter, the
command lists the usage statistics only for the specified number of seconds. If you do not use this parameter, the
command lists the usage statistics for the previous one-second, one-minute, five-minute, and fifteen-minute
intervals.
June 2005 8 - 13
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
legend: [S=Slot]
8 - 14 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
If a port is disabled, the only information shown by this command is “DISABLED”. If a port is enabled, this display
shows the following information.
Syntax: show span detail [vlan <vlan-id> [ ethernet <portnum> ] | <num>]
The vlan <vlan-id> parameter specifies a VLAN.
The ethernet <portnum> parameter specifies an individual port within the VLAN (if specified).
The <num> parameter specifies the number of VLANs you want the CLI to skip before displaying detailed STP
information. For example, if the device has six VLANs configured (VLAN IDs 1, 2, 3, 99, 128, and 256) and you
enter the command show span detail 4, detailed STP information is displayed for VLANs 128 and 256 only.
NOTE: If the configuration includes VLAN groups, the show span detail command displays the master VLANs
of each group but not the member VLANs within the groups. However, the command does indicate that the VLAN
is a master VLAN. The show span detail vlan <vlan-id> command displays the information for the VLAN even if
it is a member VLAN. To list all the member VLANs within a VLAN group, enter the show vlan-group [<group-id>]
command.
Active Spanning Tree protocol The VLAN that contains the listed ports and the active Spanning Tree
protocol.
The STP type can be one of the following:
• MULTIPLE SPANNNG TREE (MSTP)
• GLOBAL SINGLE SPANNING TREE (SSTP)
Note: If STP is disabled on a VLAN, the command displays the
following message instead: “Spanning-tree of port-vlan <vlan-id> is
disabled.”
June 2005 8 - 15
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Table 8.6: CLI Display of Detailed STP Information for Ports (Continued)
Active global timers The global STP timers that are currently active, and their current
values. The following timers can be listed:
• Hello – The interval between Hello packets. This timer applies
only to the root bridge.
• Topology Change (TC) – The amount of time during which the
topology change flag in Hello packets will be marked, indicating a
topology change. This timer applies only to the root bridge.
• Topology Change Notification (TCN) – The interval between
Topology Change Notification packets sent by a non-root bridge
toward the root bridge. This timer applies only to non-root
bridges.
Port number and STP state The internal port number and the port’s STP state.
The internal port number is one of the following:
• The port’s interface number, if the port is the designated port for
the LAN.
• The interface number of the designated port from the received
BPDU, if the interface is not the designated port for the LAN.
The state can be one of the following:
• BLOCKING – STP has blocked Layer 2 traffic on this port to
prevent a loop. The device or VLAN can reach the root bridge
using another port, whose state is FORWARDING. When a port
is in this state, the port does not transmit or receive user frames,
but the port does continue to receive STP BPDUs.
• DISABLED – The port is not participating in STP. This can occur
when the port is disconnected or STP is administratively disabled
on the port.
• FORWARDING – STP is allowing the port to send and receive
frames.
• LISTENING – STP is responding to a topology change and this
port is listening for a BPDU from neighboring bridge(s) in order to
determine the new topology. No user frames are transmitted or
received during this state.
• LEARNING – The port has passed through the LISTENING state
and will change to the BLOCKING or FORWARDING state,
depending on the results of STP’s reconvergence. The port does
not transmit or receive user frames during this state. However,
the device can learn the MAC addresses of frames that the port
receives during this state and make corresponding entries in the
MAC table.
Note: If the state is DISABLED, no further STP information is
displayed for the port.
Port Priority This port’s STP priority. The value is shown as a hexadecimal
number.
8 - 16 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
Table 8.6: CLI Display of Detailed STP Information for Ports (Continued)
Root The ID assigned by STP to the root bridge for this spanning tree.
Designated Bridge The MAC address of the designated bridge to which this port is
connected. The designated bridge is the device that connects the
network segment on the port to the root bridge.
Designated Port The port number sent from the designated bridge.
Designated Path Cost The cost to the root bridge as advertised by the designated bridge that
is connected to this port. If the bridge is the root bridge itself, then the
cost is 0. The identity of the designated bridge is shown in the
Designated Bridge field.
Active Timers The current values for the following timers, if active:
• Message age – The number of seconds this port has been
waiting for a hello message from the root bridge.
• Forward delay – The number of seconds that have passed since
the last topology change and consequent reconvergence.
• Hold time – The number of seconds that have elapsed since
transmission of the last Configuration BPDU.
BPDUs Sent and Received The number of BPDUs sent and received on this port since the
software was reloaded.
June 2005 8 - 17
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Port Link State Dupl Speed Trunk Tag Priori MAC Name
1/1 Down None None None None No level0 00e0.52a9.bb00
1/2 Down None None None None No level0 00e0.52a9.bb01
1/3 Down None None None None No level0 00e0.52a9.bb02
1/4 Down None None None None No level0 00e0.52a9.bb03
1/5 Down None None None None No level0 00e0.52a9.bb04
1/6 Down None None None None No level0 00e0.52a9.bb05
1/7 Down None None None None No level0 00e0.52a9.bb06
1/8 Down None None None None No level0 00e0.52a9.bb07
.
. some rows omitted for brevity
.
3/10 Down None None None None No level0 00e0.52a9.bb4a
3/11 Up Forward Full 100M None No level0 00e0.52a9.bb49
In this example, only one port, 3/11, is forwarding traffic toward the root bridge.
USING THE WEB MANAGEMENT INTERFACE
To display STP information for a specific port, use the same method as the one described in “Displaying STP
Information for an Entire Device” on page 8-8:
8 - 18 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
1. Log on to the device using a valid user name and password for read-only or read-write access. The System
configuration panel is displayed.
2. Click on the plus sign next to Monitor in the tree view to display the monitoring options.
3. Select the STP link to display the STP bridge and port parameters.
In normal STP, the accelerated cache aging occurs even when a single host goes up or down. Because Fast
Port Span does not send a topology change notification when a host on a Fast Port Span port goes up or
down, the unnecessary cache aging that can occur in these circumstances under normal STP is eliminated.
Fast Port Span is a system-wide parameter and is enabled by default. Thus, when you boot a device with software
release 06.6.05 or later, all the ports that are attached only to end stations run Fast Port Span. For ports that are
June 2005 8 - 19
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
not eligible for Fast Port Span, such as ports connected to other networking devices, the device automatically uses
the normal STP settings. If a port matches any of the following criteria, the port is ineligible for Fast Port Span and
uses normal STP instead:
• The port is 802.1q tagged
• The port is a member of a trunk group
• The port has learned more than one active MAC address
• An STP Configuration BPDU has been received on the port, thus indicating the presence of another bridge on
the port.
You also can explicitly exclude individual ports from Fast Port Span if needed. For example, if the only uplink ports
for a wiring closet switch are Gigabit ports, you can exclude the ports from Fast Port Span.
Disabling and Re-enabling Fast Port Span
Fast Port Span is a system-wide parameter and is enabled by default. Thus all ports that are eligible for Fast Port
Span use it.
To disable or re-enable Fast Port Span, use one of the following methods.
USING THE CLI
To disable Fast Port Span, enter the following commands:
ProCurveRS(config)# no fast port-span
ProCurveRS(config)# write memory
Syntax: [no] fast port-span
NOTE: The fast port-span command has additional parameters that let you exclude specific ports. These
parameters are shown in the following section.
8 - 20 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
NOTE: To avoid the potential for temporary bridging loops, Hewlett-Packard recommends that you use the Fast
Uplink feature only for wiring closet switches (switches at the edge of the network cloud). In addition, enable the
feature only on a group of ports intended for redundancy, so that at any given time only one of the ports is
expected to be in the forwarding state.
June 2005 8 - 21
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• If the working trunk group is partially down but not completely down, no switch-over to the backup occurs.
This behavior is the same as in the standard STP feature.
• If the working trunk group is completely down, a backup trunk group can go through an accelerated transition
only if the following are true:
• The trunk group is included in the fast uplink group.
• All other ports except those in this trunk group are either disabled or blocked. The accelerated transition
applies to all ports in this trunk group.
• When the original working trunk group comes back (partially or fully), the transition back to the original
topology is accelerated if the conditions listed above are met.
Configuring a Fast Uplink Port Group
To enable Fast Uplink, use one of the following methods.
USING THE CLI
To configure a group of ports for Fast Uplink Span, enter the following commands:
ProCurveRS(config)# fast uplink-span ethernet 4/1 to 4/4
ProCurveRS(config)# write memory
Syntax: [no] fast uplink-span [ethernet <portnum> [ethernet <portnum>… | to <portnum>]]
This example configures four ports, 4/1 – 4/4, as a Fast Uplink Span group. In this example, all four ports are
connected to a wiring closet switch. Only one of the links is expected to be active at any time. The other links are
redundant. For example, if the link on port 4/1 is the active link on the wiring closet switch but becomes
unavailable, one of the other links takes over. Because the ports are configured in a Fast Uplink Span group, the
STP convergence takes about four seconds instead of taking 30 seconds or longer using the standard STP
forward delay.
If you add a port that is the primary port of a trunk group, all ports in the trunk group become members of the Fast
Uplink Span group.
You can add ports to a Fast Uplink Span group by entering the fast uplink-span command additional times with
additional ports. The device can have only one Fast Uplink Span group, so all the ports you identify as Fast Uplink
Span ports are members of the same group.
To remove a Fast Uplink Span group or to remove individual ports from a group, use “no” in front of the appropriate
fast uplink-span command. For example, to remove ports 4/3 and 4/4 from the Fast Uplink Span group
configured above, enter the following commands:
ProCurveRS(config)# no fast uplink-span ethernet 4/3 to 4/4
ProCurveRS(config)# write memory
If you delete a port that is the primary port of a trunk group, all ports in the trunk group are removed from the Fast
Uplink Span group.
USING THE WEB MANAGEMENT INTERFACE
You cannot configure the Fast Uplink Span feature using the Web management interface.
8 - 22 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
NOTE: This rapid convergence will not occur on ports connected to shared media devices, such as hubs. To take
advantage of the rapid convergence provided by 802.1W, make sure to explicitly configure all point-to-point links in
a topology.
The convergence provided by the standard 802.1W protocol occurs more rapidly than the convergence provided
by previous spanning tree protocols because:
• Classic or legacy 802.1D STP protocol requires a newly selected Root port to go through listening and
learning stages before traffic convergence can be achieved. The 802.1D traffic convergence time is
calculated using the following formula:
2 x FORWARD_DELAY + BRIDGE_MAX_AGE.
If default values are used in the parameter configuration, convergence can take up to 50 seconds. (In this
document STP will be referred to as 802.1D.)
• RSTP Draft 3 works only on bridges that have Alternate ports, which are the precalculated “next best root
port”. (Alternate ports provide back up paths to the root bridge.) Although convergence occurs from 0 – 500
milliseconds in RSTP Draft 3, the spanning tree topology reverts to the 802.1D convergence if an Alternate
port is not found.
• Convergence in 802.1w bridge is not based on any timer values. Rather, it is based on the explicit
handshakes between Designated ports and their connected Root ports to achieve convergence in less than
500 milliseconds.
Bridges and Bridge Port Roles
A bridge in an 802.1W rapid spanning tree topology is assigned as the root bridge if it has the highest priority
(lowest bridge identifier) in the topology. Other bridges are referred to as non-root bridges.
Unique roles are assigned to ports on the root and non-root bridges. Role assignments are based on the following
information contained in the Rapid Spanning Tree Bridge Packet Data Unit (RST BPDU):
• Root bridge ID
• Path cost value
• Transmitting bridge ID
• Designated port ID
802.1W algorithm uses this information to determine if the RST BPDU received by a port is superior to the RST
BPDU that the port transmits. The two values are compared in the order as given above, starting with the Root
bridge ID. The RST BPDU with a lower value is considered superior. The superiority and inferiority of the RST
BPDU is used to assign a role to a port.
If the value of the received RST BPDU is the same as that of the transmitted RST BPDU, then the port ID in the
RST BPDUs are compared. The RST BPDU with the lower port ID is superior. Port roles are then calculated
appropriately.
The port’s role is included in the BPDU that it transmits. The BPDU transmitted by an 802.1W port is referred to as
an RST BPDU, while it is operating in 802.1W mode.
Ports can have one of the following roles:
• Root – Provides the lowest cost path to the root bridge from a specific bridge
• Designated – Provides the lowest cost path to the root bridge from a LAN to which it is connected
• Alternate – Provides an alternate path to the root bridge when the root port goes down
• Backup – Provides a backup to the LAN when the Designated port goes down
• Disabled – Has no role in the topology
June 2005 8 - 23
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: All examples in this document assume that all ports in the illustrated topologies are point-to-point links
and are homogeneous (they have the same path cost value) unless otherwise specified.
The topology in Figure 8.1 contains four bridges. Routing Switch 1 is the root bridge since it has the lowest bridge
priority. Routing Switch 2 through Routing Switch 4 are non-root bridges.
Port7 Port8
8 - 24 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
June 2005 8 - 25
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Port2 Port3
Routing Switch 3
Bridge priority = 2000
Port5
Edge Port
However, if any incoming RST BPDU is received from a previously configured Edge port, 802.1W automatically
makes the port as a non-edge port. This is extremely important to ensure a loop free Layer 2 operation since a
non-edge port is part of the active RSTP topology.
The 802.1W protocol can auto-detect an Edge port and a non-edge port. An administrator can also configure a
port to be an Edge port using the CLI. It is recommended that Edge ports are configured explicitly to take
advantage of the Edge port feature, instead of allowing the protocol to auto-detect them.
Point-to-Point Ports
To take advantage of the 802.1W features, ports on an 802.1W topology should be explicitly configured as point-
to-point links using the CLI. Shared media should not be configured as point-to-point links.
NOTE: Configuring shared media or non-point-to-point links as point-to-point links could lead to Layer 2 loops.
The topology in Figure 8.3 is an example of shared media that should not be configured as point-to-point links. In
Figure 8.3, a port on a bridge communicates or is connected to at least two ports.
8 - 26 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
June 2005 8 - 27
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
maximum number of BPDUs per hello interval are sent every second. Based on what mode it is operating in,
it sends out either legacy BPDUs or RST BPDUs. In this document legacy BPDUs are also referred to as STP
BPDUs.
• Port Protocol Migration – This state machine deals with compatibility with 802.1D bridges. When a legacy
BPDU is detected on a port, this state machine configures the port to transmit and receive legacy BPDUs and
operate in the legacy mode.
• Topology Change – This state machine detects, generates, and propagates topology change notifications. It
acknowledges Topology Change Notice (TCN) messages when operating in 802.1D mode. It also flushes the
MAC table when a topology change event takes place.
• Port State Transition – This state machine transitions the port to a discarding, learning, or forwarding state
and performs any necessary processing associated with the state changes.
• Port Timers – This state machine is responsible for triggering any of the state machines described above,
based on expiration of specific port timers.
In contrast to the 802.1D standard, the 802.1W standard does not have any bridge specific timers. All timers in the
CLI are applied on a per-port basis, even though they are configured under bridge parameters.
802.1W state machines attempt to quickly place the ports into either a forwarding or discarding state. Root ports
are quickly placed in forwarding state when both of the following events occur:
• It is assigned to be the Root port.
• It receives an RST BPDU with a proposal flag from a Designated port. The proposal flag is sent by ports with
a Designated role when they are ready to move into a forwarding state.
When a the role of Root port is given to another port, the old Root port is instructed to reroot. The old Root port
goes into a discarding state and negotiates with its peer port for a new role and a new state. A peer port is the port
on the other bridge to which the port is connected. For example, in Figure 8.4, Port1 of Routing Switch 200 is the
peer port of Port2 of Routing Switch 100.
A port with a Designated role is quickly placed into a forwarding state if one of the following occurs:
• The Designated port receives an RST BPDU that contains an agreement flag from a Root port
• The Designated port is an Edge port
However, a Designated port that is attached to an Alternate port or a Backup port must wait until the forward delay
timer expires twice on that port while it is still in a Designated role, before it can proceed to the forwarding state.
Backup ports are quickly placed into discarding states.
Alternate ports are quickly placed into discarding states.
A port operating in 802.1W mode may enter a learning state to allow MAC entries to be added to the filtering
database; however, this state is transient and lasts only a few milliseconds, if the port is operating in 802.1W mode
and if the port meets the conditions for rapid transition.
Handshake Mechanisms
To rapidly transition a Designated or Root port into a forwarding state, the Port Role Transition state machine uses
handshake mechanisms to ensure loop free operations. It uses one type of handshake if no Root port has been
assigned on a bridge, and another type if a Root port has already been assigned.
Handshake When No Root Port is Elected
If a Root port has not been assigned on a bridge, 802.1W uses the Proposing -> Proposed -> Sync -> Synced ->
Agreed handshake:
• Proposing – The Designated port on the root bridge sends an RST BPDU packet to its peer port that contains
a proposal flag. The proposal flag is a signal that indicates that the Designated port is ready to put itself in a
forwarding state (Figure 8.4). The Designated port continues to send this flag in its RST BPDU until it is
placed in a forwarding state (Figure 8.7) or is forced to operate in 802.1D mode. (See “Compatibility of
802.1W with 802.1D” on page 48.)
• Proposed – When a port receives an RST BPDU with a proposal flag from the Designated port on its point-to-
8 - 28 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
point link, it asserts the Proposed signal and one of the following occurs (Figure 8.4):
• If the RST BPDU that the port receives is superior to what it can transmit, the port assumes the role of a
Root port. (See the section on “Bridges and Bridge Port Roles” on page 8-23.)
• If the RST BPDU that the port receives is inferior to what it can transmit, then the port is given the role of
Designated port.
NOTE: Proposed will never be asserted if the port is connected on a shared media link.
Port2
Designated port
Proposing
RST BPDU
sent with a
Proposal
flag
Port1
Root port
Proposed
Port2 Port3
Port2 Port3
June 2005 8 - 29
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• Sync – Once the Root port is elected, it sets a sync signal on all the ports on the bridge. The signal tells the
ports to synchronize their roles and states (Figure 8.5). Ports that are non-edge ports with a role of
Designated port change into a discarding state. These ports have to negotiate with their peer ports to
establish their new roles and states.
Port1
Designated port
Port1
Root port
Sync
Port2 Port3
Sync Sync
Discarding Discarding
Port2 Port3
Indicates a signal
8 - 30 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
• Synced – Once the Designated port changes into a discarding state, it asserts a synced signal. Immediately,
Alternate ports and Backup ports are synced. The Root port monitors the synced signals from all the bridge
ports. Once all bridge ports asserts a synced signal, the Root port asserts its own synced signal (Figure 8.6).
Port1
Designated port
Port1
Root port
Synced
Port2 Port3
Synced Synced
Discarding Discarding
Port2 Port3
Indicates a signal
June 2005 8 - 31
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• Agreed – The Root port sends back an RST BPDU containing an agreed flag to its peer Designated port and
moves into the forwarding state. When the peer Designated port receives the RST BPDU, it rapidly
transitions into a forwarding state.
Port1
Designated port
Forwarding
RST BPDU
sent with Port1
an Agreed Root port
flag Synced
Forwarding
Port2 Port3
Synced Synced
Discarding Discarding
Port2 Port3
Indicates a signal
At this point, the handshake mechanism is complete between Routing Switch 100, the root bridge, and Routing
Switch 200.
Routing Switch 200 updates the information on the Routing Switch 200’s Designated ports (Port2 and Port3) and
identifies the new root bridge. The Designated ports send RST BPDUs, containing proposal flags, to their
downstream bridges, without waiting for the hello timers to expire on them. This process starts the handshake
with the downstream bridges.
For example, Port2/Routing Switch 200 sends an RST BPDU to Port2/Routing Switch 300 that contains a
proposal flag. Port2/Routing Switch 300 asserts a proposed signal. Ports in Routing Switch 300 then set sync
signals on the ports to synchronize and negotiate their roles and states. Then the ports assert a synced signal and
when the Root port in Routing Switch 300 asserts it’s synced signal, it sends an RST BPDU to Routing Switch 200
with an agreed flag.
This handshake is repeated between Routing Switch 200 and Routing Switch 400 until all Designated and Root
ports are in forwarding states.
8 - 32 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
Switch 100
Port2
Designated
port
Port2 Switch 60
Port1 Port4
Designated port Designated port
Port1
Root port
Port4
Switch 200
Port2 Port3
Port2 Port3
Switch 300
Switch 400
June 2005 8 - 33
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
The handshake that occurs between Routing Switch 60 and Routing Switch 100 follows the one described in the
previous section (“Handshake When No Root Port is Elected” on page 8-28). The former root bridge becomes a
non-root bridge and establishes a Root port (Figure 8.9).
However, since Routing Switch 200 already had a Root port in a forwarding state, 802.1W uses the Proposing ->
Proposed -> Sync and Reroot -> Sync and Rerooted -> Rerooted and Synced -> Agreed handshake:
• Proposing and Proposed – The Designated port on the new root bridge (Port4/Routing Switch 60) sends an
RST BPDU that contains a proposing signal to Port4/Routing Switch 200 to inform the port that it is ready to
put itself in a forwarding state (Figure 8.9). 802.1W algorithm determines that the RST BPDU that Port4/
Routing Switch 200 received is superior to what it can generate, so Port4/Routing Switch 200 assumes a
Root port role.
Proposing
Port2 Port3
8 - 34 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
• Sync and Reroot – The Root port then asserts a sync and a reroot signal on all the ports on the bridge. The
signal tells the ports that a new Root port has been assigned and they are to renegotiate their new roles and
states. The other ports on the bridge assert their sync and reroot signals. Information about the old Root port
is discarded from all ports. Designated ports change into discarding states (Figure 8.10).
Proposing
Port1
Root port
Sync
Reroot
Forwarding
Port4
Routing Switch 200 Root port
Sync
Reroot
Port2 Port3 Discarding
Sync Sync
Reroot Reroot
Discarding Discarding
Port2 Port3
Indicates a signal
June 2005 8 - 35
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• Sync and Rerooted – When the ports on Routing Switch 200 have completed the reroot phase, they assert
their rerooted signals and continue to assert their sync signals as they continue in their discarding states.
They also continue to negotiate their roles and states with their peer ports (Figure 8.11).
Proposing
Port1
Designated port
Sync
Rerooted
Discarding
Port4
Routing Switch 200 Root port
Sync
Rerooted
Port2 Port3 Discarding
Sync Sync
Rerooted Rerooted
Discarding Discarding
Port2 Port3
8 - 36 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
• Synced and Agree – When all the ports on the bridge assert their synced signals, the new Root port asserts
its own synced signal and sends an RST BPDU to Port4/Routing Switch 60 that contains an agreed flag
(Figure 8.11). The Root port also moves into a forwarding state.
Proposing
Port1
Rerooted
RST BPDU
Synced
sent with
Discarding
an Agreed
flag
Port4
Routing Switch 200 Root port
Rerooted
Synced
Port2 Forwarding
Port3
Rerooted Rerooted
Synced Synced
Discarding Discarding
Port2 Port3
Indicates a signal
The old Root port on Routing Switch 200 becomes an Alternate Port (Figure 8.13). Other ports on that bridge are
elected to appropriate roles.
The Designated port on Routing Switch 60 goes into a forwarding state once it receives the RST BPDU with the
agreed flag.
June 2005 8 - 37
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Proposing
Port1
Alternate port
Port4
Routing Switch 200 Root port
Port2 Port3
Proposing Proposing
Port2 Port3
Recall that Routing Switch 200 sent the agreed flag to Port4/Routing Switch 60 and not to Port1/Routing Switch
100 (the port that connects Routing Switch 100 to Routing Switch 200). Therefore, Port1/Routing Switch 100 does
not go into forwarding state instantly. It waits until two instances of the forward delay timer expires on the port
before it goes into forwarding state.
At this point the handshake between the Routing Switch 60 and Routing Switch 200 is complete.
The remaining bridges (Routing Switch 300 and Routing Switch 400) may have to go through the reroot
handshake if a new Root port needs to be assigned.
8 - 38 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
NOTE: The remaining examples assume that the appropriate handshake mechanisms occur as port roles and
states change.
Convergence at Start Up
In Figure 8.14, two bridges Routing Switch 2 and Routing Switch 3 are powered up. There are point-to-point
connections between Port3/Routing Switch 2 and Port3/Routing Switch 3.
Routing Switch 2
Port3
Designated
port
Port3
Root port
Routing Switch 3
Bridge priority = 2000
At power up, all ports on Routing Switch 2 and Routing Switch 3 assume Designated port roles and are at
discarding states before they receive any RST BPDU.
Port3/Routing Switch 2, with a Designated role, transmits an RST BPDU with a proposal flag to Port3/Routing
Switch 3. A ports with a Designated role sends the proposal flag in its RST BPDU when they are ready to move to
a forwarding state.
Port3/Routing Switch 3, which starts with a role of Designated port, receives the RST BPDU and finds that it is
superior to what it can transmit; therefore, Port3/Routing Switch 3 assumes a new port role, that of a Root port.
Port3/Routing Switch 3 transmits an RST BPDU with an agreed flag back to Routing Switch 2 and immediately
goes into a forwarding state.
Port3/Routing Switch 2 receives the RST BPDU from Port3/Routing Switch 3 and immediately goes into a
forwarding state.
Now 802.1W has fully converged between the two bridges, with Port3/Routing Switch 3 as an operational root port
in forwarding state and Port3/Routing Switch 2 as an operational Designated port in forwarding state.
June 2005 8 - 39
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Port3
Routing Port5
Designated
Routing Switch 2 Switch 1 Backup port
port
Port2 Port2
Bridge priority = 1500 Root port Designated Bridge priority = 1000
port
Port3 Port4
Designated Designated port
port
Port3
Alternate
port
Port4
Bridge priority = 2000 Root port
Routing Switch 3
8 - 40 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
Now, Port3/Routing Switch 3 is currently in a discarding state and is negotiating a port role. It received RST
BPDUs from Port3/Routing Switch 2. The 802.1W algorithm determines that the RST BPDUs Port3/Routing
Switch 3 received are superior to those it can transmit; however, they are not superior to those that are currently
being received by the current Root port (Port4). Therefore, Port3 retains the role of Alternate port.
Ports 3/Routing Switch 1 and Port5/Routing Switch 1 are physically connected. Port5/Routing Switch 1 received
RST BPDUs that are superior to those received on Port3/Routing Switch 1; therefore, Port5/Routing Switch 1 is
given the Backup port role while Port3 is given the Designated port role. Port3/Routing Switch 1, does not go
directly into a forwarding state. It waits until the forward delay time expires twice on that port before it can proceed
to the forwarding state.
Once convergence is achieved, the active Layer 2 forwarding path converges as shown in Figure 8.16.
Routing Switch 2
Bridge priority = 200
Port5 Port2
Port2 Port2
June 2005 8 - 41
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Routing
Routing Switch 2 Port3 Switch 1 Port5
Port2
Bridge priority = 1500 Port2 Bridge priority = 1000
Port3 Port4
Port3 Port4
Routing Switch 3
8 - 42 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
previous Root port, enters a discarding state and negotiates with other ports on the bridge to establish its new role
and state, until it finally assumes the role of a Designated port.
Next, the following happens:
• Port3/Routing Switch 2, the Designated port, sends an RST BPDU, with a proposal flag to Port3/Routing
Switch 3.
• Port2/Routing Switch 2 also sends an RST BPDU with an agreed flag to Port2/Routing Switch 1 and then
places itself into a forwarding state.
When Port2/Routing Switch 1 receives the RST BPDU with an agreed flag sent by Port2/Routing Switch 2, it puts
that port into a forwarding state. The topology is now fully converged.
When Port3/Routing Switch 3 receives the RST BPDU that Port3/Routing Switch 2 sent, 802.1W algorithm
determines that these RST BPDUs are superior to those that Port3/Routing Switch 3 can transmit. Therefore,
Port3/Routing Switch 3 is given a new role, that of an Alternate port. Port3/Routing Switch 3 immediately enters a
discarding state.
Now Port3/Routing Switch 2 does not go into a forwarding state instantly like the Root port. It waits until the
forward delay timer expires twice on that port while it is still in a Designated role, before it can proceed to the
forwarding state. The wait, however, does not cause a denial of service, since the essential connectivity in the
topology has already been established.
When fully restored, the topology is the same as that shown on Figure 8.15.
Convergence in a Complex 802.1W Topology
The following is an example of a complex 802.1W topology.
Routing Switch 2
Bridge priority = 200
Port5 Port2
Port2 Port2
In Figure 8.18, Routing Switch 5 is selected as the root bridge since it is the bridge with the highest priority. Lines
in the figure show the point-to-point connection to the bridges in the topology.
June 2005 8 - 43
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Routing Switch 5 sends an RST BPDU that contains a proposal flag to Port5/Routing Switch 2. When handshakes
are completed in Routing Switch 5, Port5/Routing Switch 2 is selected as the Root port on Routing Switch 2. All
other ports on Routing Switch 2 are given Designated port role with discarding states.
Port5/Routing Switch 2 then sends an RST BPDU with an agreed flag to Routing Switch 5 to confirm that it is the
new Root port and the port enters a forwarding state. Port7 and Port8 are informed of the identity of the new Root
port. 802.1W algorithm selects Port7 as the Designated port while Port8 becomes the Backup port.
Port3/Routing Switch 5 sends an RST BPDU to Port3/Routing Switch 6 with a proposal flag. When Port3/Routing
Switch 5 receives the RST BPDU, handshake mechanisms select Port3 as the Root port of Routing Switch 6. All
other ports are given a Designated port role with discarding states. Port3/Routing Switch 6 then sends an RST
BPDU with an agreed flag to Port3/Routing Switch 5 to confirm that it is the Root port. The Root port then goes
into a forwarding state.
Now, Port4/Routing Switch 6 receives RST BPDUs that are superior to what it can transmit; therefore, it is given
the Alternate port role. The port remains in discarding state.
Port5/Routing Switch 6 receives RST BPDUs that are inferior to what it can transmit. The port is then given a
Designated port role.
Next Routing Switch 2 sends RST BPDUs with a proposal flag to Port3/Routing Switch 4. Port3 becomes the Root
port for the bridge; all other ports are given a Designated port role with discarding states. Port3/Routing Switch 4
sends an RST BPDU with an agreed flag to Routing Switch 2 to confirm that it is the new Root port. The port then
goes into a forwarding state.
Now Port4/Routing Switch 4 receives an RST BPDU that is superior to what it can transmit. The port is then given
an Alternate port role, and remains in discarding state.
Likewise, Port5/Switch 4 receives an RST BPDU that is superior to what it can transmit. The port is also given an
Alternate port role, and remains in discarding state.
Port2/Routing Switch 2 transmits an RST BPDU with a proposal flag to Port2/Routing Switch 1. Port2/Routing
Switch 1 becomes the Root port. All other ports on Routing Switch 1 are given Designated port roles with
discarding states.
Port2/Routing Switch 1 sends an RST BPDU with an agreed flag to Port2/Routing Switch 2 and Port2/Routing
Switch 1 goes into a forwarding state.
Port3/Routing Switch 1 receives an RST BPDUs that is inferior to what it can transmit; therefore, the port retains
its Designated port role and goes into forwarding state only after the forward delay timer expires twice on that port
while it is still in a Designated role.
Port3/Routing Switch 2 sends an RST BPDU to Port3/Routing Switch 3 that contains a proposal flag. Port3/
Routing Switch 3 becomes the Root port, while all other ports on Routing Switch 3 are given Designated port roles
and go into discarding states. Port3/Routing Switch 3 sends an RST BPDU with an agreed flag to Port3/Routing
Switch 2 and Port3/Routing Switch 3 goes into a forwarding state.
Now, Port2/Routing Switch 3 receives an RST BPDUs that is superior to what it can transmit so that port is given
an Alternate port state.
Port4/Routing Switch 3 receives an RST BPDU that is inferior to what it can transmit; therefore, the port retains its
Designated port role.
Ports on all the bridges in the topology with Designated port roles that received RST BPDUs with agreed flags go
into forwarding states instantly. However, Designated ports that did not receive RST BPDUs with agreed flags
must wait until the forward delay timer expires twice on those port. Only then will these port move into forwarding
states.
The entire 802.1W topology converges in less than 300 msec and the essential connectivity is established
between the designated ports and their connected root ports.
8 - 44 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
After convergence is complete, Figure 8.19 shows the active Layer 2 path of the topology in Figure 8.18.
Routing Switch 2
Bridge priority = 200
Port5 Port2
Port2 Port2
NOTE: Edge ports, Alternate ports, or Backup ports do not need to propagate a topology change.
The TCN is sent in the RST BPDU that a port sends. Ports on other bridges in the topology then acknowledge the
topology change once they receive the RST BPDU, and send the TCN to other bridges until all the bridges are
informed of the topology change.
June 2005 8 - 45
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
For example, Port3/Routing Switch 2 in Figure 8.20, fails. Port4/Routing Switch 3 becomes the new Root port.
Port4/Routing Switch 3 sends an RST BPDU with a TCN to Port4/Routing Switch 4. To propagate the topology
change, Port4/Routing Switch 4 then starts a TCN timer on itself, on the bridge’s Root port, and on other ports on
that bridge with a Designated role. Then Port3/Routing Switch 4 sends RST BPDU with the TCN to Port4/Routing
Switch 2. (Note the new active Layer 2 path in Figure 8.20.)
Routing Switch 2
Bridge priority = 200
Port5 Port2
Port2 Port2
Port3
Port3 Port4 Port3
8 - 46 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
Routing Switch 2 then starts the TCN timer on the Designated ports and sends RST BPDUs that contain the TCN
as follows (Figure 8.21):
• Port5/Routing Switch 2 sends the TCN to Port2/Routing Switch 5
• Port4/Routing Switch 2 sends the TCN to Port4/Routing Switch 6
• Port2/Routing Switch 2 sends the TCN to Port2/Routing Switch 1
Routing Switch 2
Bridge priority = 200
Port5 Port2
Port2 Port2
Port3
Port3 Port4 Port3
June 2005 8 - 47
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Then FRY1, Routing Switch 5, and Routing Switch 6 send RST BPDUs that contain the TCN to Routing Switch 3
and Routing Switch 4 to complete the TCN propagation (Figure 8.22).
Routing Switch 2
Bridge priority = 200
Port5 Port2
Port2 Port2
Port3
Port3 Port4 Port3
8 - 48 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
For example, in Figure 8.23, Routing Switch 10 and Routing Switch 30 receive legacy BPDUs from Routing
Switch 20. Ports on Routing Switch 10 and Routing Switch 30 begin sending BPDUs in STP format to allow them
to operate transparently with Routing Switch 20.
Once Routing Switch 20 is removed from the LAN, Routing Switch 10 and Routing Switch 30 receive and transmit
BPDUs in the STP format to and from each other. This state will continue until the administrator enables the force-
migration-check command to force the bridge to send RSTP BPDU during a migrate time period. If ports on the
bridges continue to hear only STP BPDUs after this migrate time period, those ports will return to sending STP
BPDUs. However, when the ports receive RST BPDUs during the migrate time period, the ports begin sending
RST BPDUs. The migrate time period is non-configurable. It has a value of three seconds.
NOTE: The IEEE standards state that 802.1W bridges need to interoperate with 802.1D bridges. IEEE
standards set the path cost of 802.1W bridges to be between 1 and 200,000,000; whereas path cost of 802.1D
bridges are set between 1 and 65,535. In order for the two bridge types to be able to interoperate in the same
topology, the administrator needs to configure the bridge path cost appropriately. Path costs for either 802.1W
bridges or 802.1D bridges need to be changed; in most cases, path costs for 802.1W bridges need to be changed.
June 2005 8 - 49
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: If you change the 802.1W state of the primary port in a trunk group, the change affects all ports in that
trunk group.
8 - 50 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
The hello-time <value> parameter specifies the interval between two hello packets. This parameter can have a
value from 1 – 10 seconds. The default is 2 seconds; however, set this value to at least 4 seconds to provide
enough time for BPDUs to reach the root bridge before the timeout period expires on a non-root bridge port.
The max-age <value> parameter specifies the amount of time the device waits to receive a hello packet before it
initiates a topology change. You can specify a value from 6 – 40 seconds. The default is 20 seconds.
Beginning with software release 07.6.04, the value of max-age must be greater than the value of forward-delay
to ensure that the downstream bridges do not age out faster than the upstream bridges (those bridges that are
closer to the root bridge).
The force-version <value> parameter forces the bridge to send BPDUs in a specific format. You can specify one
of the following values:
• 0 – The STP compatibility mode. Only STP (or legacy) BPDUs will be sent.
• 2 – The default. RST BPDUs will be sent unless a legacy bridge is detected. If a legacy bridge is detected,
STP BPDUs will be sent instead.
The default is 2.
The priority <value> parameter specifies the priority of the bridge. You can enter a value from 0 – 65535. A lower
numerical value means a the bridge has a higher priority. Thus, the highest priority is 0. The default is 32768.
You can specify some or all of these parameters on the same command line. If you specify more than one
parameter, you must specify them in the order shown above, from left to right.
USING THE WEB MANAGEMENT INTERFACE
You cannot modify 802.1W bridge parameters using the Web management interface.
June 2005 8 - 51
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
The priority <value> parameter specifies the preference that 802.1W gives to this port relative to other ports for
forwarding traffic out of the topology. You can specify a value from 8 – 252, in increments of 4. If you enter a value
that is not divisible by four the software rounds to the nearest value that is. The default is 128. A higher numerical
value means a lower priority; thus, the highest priority is 8
Set the admin-edge-port to enabled or disabled. If set to enabled, then the port becomes an edge port in the
domain.
Set the admin-pt2pt-mac to enabled or disabled. If set to enabled, then a port is connected to another port
through a point-to-point link. The point-to-point link increases the speed of convergence. This parameter,
however, does not auto-detect whether or not the link is a physical point-to-point link.
The force-migration-check parameter forces the specified port to sent one RST BPDU. If only STP BPDUs are
received in response to the sent RST BPDU, then the port will go return to sending STP BPDUs.
USING THE WEB MANAGEMENT INTERFACE
You cannot modify 802.1W port parameters using the Web management interface.
EXAMPLE:
Suppose you want to enable 802.1W on a system with no active port-based VLANs and change the hello-time
from the default value of 2 to 8 seconds. Additionally, suppose you want to change the path and priority costs for
port 5 only. To do so, enter the following commands.
ProCurveRS(config)# spanning-tree 802-1w hello-time 8
ProCurveRS(config)# spanning-tree 802-1w ethernet 5 path-cost 15 priority 64
Displaying Information About 802-1W
You can display a summary or details of the 802.1W information.
8 - 52 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
ProCurveRS(config)#show 802-1w
--- VLAN 1 [ STP Instance owned by VLAN 1 ] ----------------------------
VLAN 1 BPDU cam_index is 2 and the IGC and DMA master Are(HEX) 0 1 2 3
Bridge IEEE 802.1W Parameters:
Bridge Bridge Bridge Bridge Force tx
Identifier MaxAge Hello FwdDly Version Hold
hex sec sec sec cnt
800000e080541700 20 2 15 Default 3
VLAN ID The port-based VLAN that owns the STP instance. VLAN 1 is the
default VLAN. If you have not configured port-based VLANs on this
device, all 802.1W information is for VLAN 1.
Bridge Max Age The configured max age for this bridge. The default is 20.
Bridge Hello The configured hello time for this bridge.The default is 2.
Bridge FwdDly The configured forward delay time for this bridge. The default is 15.
June 2005 8 - 53
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Force-Version The configured force version value. One of the following value is
displayed:
• 0 – The bridge has been forced to operate in an STP compatibility
mode.
• 2 – The bridge has been forced to operate in an 802.1W mode.
(This is the default.)
txHoldCnt The number of BPDUs that can be transmitted per Hello Interval. The
default is 3.
Root Bridge Identifier ID of the Root bridge that is associated with this bridge
Root Path Cost The cost to reach the root bridge from this bridge. If the bridge is the
root bridge, then this parameter shows a value of zero.
Designated Bridge Identifier The bridge from where the root information was received.It can be
from the root bridge itself, but it could also be from another bridge.
Root Port The port on which the root information was received. This is the port
that is connected to the Designated Bridge.
Max Age The max age is derived from the Root port. An 802.1W-enabled
bridge uses this value, along with the hello and message age
parameters to compute the effective age of an RST BPDU.
The message age parameter is generated by the Designated port
and transmitted in the RST BPDU. RST BPDUs transmitted by a
Designated port of the root bridge contains a message value of zero.
Effective age is the amount of time the Root port, Alternate port, or
Backup port retains the information it received from its peer
Designated port. Effective age is reset every time a port receives an
RST BPDU from its Designated port. If a Root port does not receive
an RST BPDU from its peer Designated port for a duration more than
the effective age, the Root port ages out the existing information and
recomputes the topology.
If the port is operating in 802.1D compatible mode, then max age
functionality is the same as in 802.1D (STP).
Fwd Dly The number of seconds a non-edge Designated port waits until it can
apply any of the following transitions, if the RST BPDU it receives
does not have an agreed flag:
• Discarding state to learning state
• Learning state to forwarding state
When a non-edge port receives the RST BPDU it goes into forwarding
state within 4 seconds or after two hello timers expire on the port.
Fwd Dly is also the number of seconds that a Root port waits for an
RST BPDU with a proposal flag before it applies the state transitions
listed above.
If the port is operating in 802.1D compatible mode, then forward delay
functionality is the same as in 802.1D (STP).
8 - 54 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
Hello The hello value derived from the Root port. It is the number of
seconds between two Hello packets.
Pri The configured priority of the port. The default is 128 or 0x80.
Port Path Cost The configured path cost on a link connected to this port.
State The port’s current 802.1W state. A port can have one of the following
states:
• Forwarding
• Discarding
• Learning
• Disabled
Refer to “Bridge Port States” on page 8-27 and “Edge Port and Non-
Edge Port States” on page 8-27.
Designated Cost The best root path cost that this port received, including the best root
path cost that it can transmit.
Designated Bridge The ID of the bridge that sent the best RST BPDU that was received
on this port.
June 2005 8 - 55
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
VLAN ID ID of the VLAN that owns the instance of 802.1W and whether or not it
is active.
txHoldCount The number of BPDUs that can be transmitted per Hello Interval. The
default is 3.
8 - 56 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
State The port’s current 802.1W state. A port can have one of the following
states:
• Forwarding
• Discarding
• Learning
• Disabled
Refer to “Bridge Port States” on page 8-27 and “Edge Port and Non-
Edge Port States” on page 8-27.
Path Cost The configured path cost on a link connected to this port.
Priority The configured priority of the port. The default is 128 or 0x80.
AdminOperEdge Indicates if the port is an operational Edge port. Edge ports may either
be auto-detected or configured (forced) to be Edge ports using the
CLI:
• T – The port is and Edge port.
• F – The port is not an Edge port. This is the default.
June 2005 8 - 57
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
ActiveTimers Shows what timers are currently active on this port and the number of
seconds they have before they expire:
• rrWhile – Recent root timer. A non-zero value means that the port
has recently been a Root port.
• rcvdInfoWhile – Received information timer. Shows the time
remaining before the information held by this port expires (ages
out). This timer is initialized with the effective age parameter.
(See “Max Age” on page 8-54.)
• rbWhile – Recent backup timer. A non-zero value means that the
port has recently been a Backup port.
• helloWhen – Hello period timer. The value shown is the amount of
time between hello messages.
• tcWhile – Topology change timer. The value shown is the interval
when topology change notices can be propagated on this port.
• fdWhile – Forward delay timer. (See the explanation for Fwd Dly
on page 54.)
• mdelayWhile – Migration delay timer. The amount of time that a
bridge on the same LAN has to synchronize its migration state
with this port before another BPDU type can cause this port to
change the BPDU that it transmits.
Machine States The current states of the various state machines on the port:
• PIM – State of the Port Information state machine.
• PRT – State of the Port Role Transition state machine.
• PST – State of the Port State Transition state machine.
• TCM – State of the Topology Change state machine.
• PPM – State of the Port Protocol Migration.
• PTX – State of the Port Transmit state machine.
Refer to the section “State Machines” on page 8-27 for details on
state machines.
Received Shows the number of BPDU types the port has received:
• RST BPDU – BPDU in 802.1W format.
• Config BPDU – Legacy configuration BPDU (802.1D format).
• TCN BPDU – Legacy topology change BPDU (802.1D format).
802.1W Draft 3
As an alternative to full 802.1W, you can configure 802.1W Draft 3. 8021.W Draft 3 provides a subset of the RSTP
capabilities described in the 802.1W STP specification.
8021.W Draft 3 support is disabled by default. When the feature is enabled, if a root port on an HP device that is
not the root bridge becomes unavailable, the device can automatically Routing Switch over to an alternate root
port, without reconvergence delays. 8021.W Draft 3 does not apply to the root bridge, since all the root bridge’s
ports are always in the forwarding state.
Figure 8.24 shows an example of an optimal STP topology. In this topology, all the non-root bridges have at least
two paths to the root bridge (Routing Switch 1 in this example). One of the paths is through the root port. The
8 - 58 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
other path is a backup and is through the alternate port. While the root port is in the forwarding state, the alternate
port is in the blocking state.
Root Bridge
Bridge priority = 2 Bridge priority = 4
Root port = 2/2
Port 1/4 Port 2/4
Alternate = 2/3, 2/4
FWD FWD
If the root port on a Routing Switch becomes unavailable, 8021.W Draft 3 immediately fails over to the alternate
port, as shown in Figure 8.25.
June 2005 8 - 59
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Root Bridge
Bridge priority = 2 Bridge priority = 4
Port 1/4 Port 2/4 Root port = 2/2
FWD FWD Alternate = 2/3, 2/4
In this example, port 3/3 on Routing Switch 3 has become unavailable. In standard STP (802.1D), if the root port
becomes unavailable, the Routing Switch must go through the listening and learning stages on the alternate port
to reconverge with the spanning tree. Thus, port 3/4 must go through the listening and learning states before
entering the forwarding state and thus reconverging with the spanning tree.
8021.W Draft 3 avoids the reconvergence delay by calculating an alternate root port, and immediately failing over
to the alternate port if the root port becomes unavailable. The alternate port is in the blocking state as long as the
root port is in the forwarding state, but moves immediately to the active state if the root port becomes unavailable.
Thus, using 8021.W Draft 3, Routing Switch 3 immediately fails over to port 3/4, without the delays caused by the
listening and learning states.
8021.W Draft 3 selects the port with the next-best cost to the root bridge. For example, on Routing Switch 3, port
3/3 has the best cost to the root bridge and thus is selected by STP as the root port. Port 3/4 has the next-best
cost to the root bridge, and thus is selected by 8021.W Draft 3 as the alternate path to the root bridge.
Once a failover occurs, the Routing Switch no longer has an alternate root port. If the port that was an alternate
port but became the root port fails, standard STP is used to reconverge with the network. You can minimize the
reconvergence delay in this case by setting the forwarding delay on the root bridge to a lower value. For example,
if the forwarding delay is set to 15 seconds (the default), change the forwarding delay to a value from 3 – 10
seconds.
During failover, 8021.W Draft 3 flushes the MAC addresses leaned on the unavailable root port, selects the
alternate port as the new root port, and places that port in the forwarding state. If traffic is flowing in both
directions on the new root port, addresses are flushed (moved) in the rest of the spanning tree automatically.
8 - 60 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
Reconvergence Time
Spanning tree reconvergence using 8021.W Draft 3 can occur within one second.
After the spanning tree reconverges following the topology change, traffic also must reconverge on all the bridges
attached to the spanning tree. This is true regardless of whether 8021.W Draft 3 or standard STP is used to
reconverge the spanning tree.
Traffic reconvergence happens after the spanning tree reconvergence, and is achieved by flushing the Layer 2
information on the bridges.
• Following 8021.W Draft 3 reconvergence of the spanning tree, traffic reconvergence occurs in the time it takes
for the bridge to detect the link changes plus the STP maximum age set on the bridge.
• If standard STP reconvergence occurs instead, traffic reconvergence takes two times the forward delay plus
the maximum age.
NOTE: 8021.W Draft 3 does not apply when a failed root port comes back up. In this case, standard STP is
used.
Configuration Considerations
8021.W Draft 3 is disabled by default. To ensure optimal performance of the feature before you enable it:
• Configure the bridge priorities so that the root bridge is one that supports 8021.W Draft 3. (Use an HP device
or third-party device that supports 8021.W Draft 3.)
• Change the forwarding delay on the root bridge to a value lower than the default 15 seconds. HP
recommends a value from 3 – 10 seconds. The lower forwarding delay helps reduce reconvergence delays in
cases where 8021.W Draft 3 is not applicable, such as when a failed root port comes back up.
• Configure the bridge priorities and root port costs so that each device has an active path to the root bridge if
its root port becomes unavailable. For example, port 3/4 is connected to port 2/4 on Routing Switch 2, which
has the second most favorable bridge priority in the spanning tree.
NOTE: If reconvergence involves changing the state of a root port on a bridge that supports 802.1D STP but not
8021.W Draft 3, then reconvergence still requires the amount of time it takes for the ports on the 802.1D bridge to
change state to forwarding (as needed), and receive BPDUs from the root bridge for the new topology.
NOTE: STP must be enabled before you can enable 8021.W Draft 3.
June 2005 8 - 61
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: This command does not also enable STP. To enable STP, first enter the spanning-tree command
without the rstp parameter. After you enable STP, enter the spanning-tree rstp command to enable 8021.W
Draft 3.
NOTE: This command does not also enable single STP. To enable single STP, first enter the spanning-tree
single command without the rstp parameter. After you enable single STP, enter the spanning-tree single rstp
command to enable 8021.W Draft 3.
To disable 8021.W Draft 3 on a device that is running single STP, enter the following command:
ProCurveRS(config)# no spanning-tree single rstp
NOTE: When SSTP is enabled, the BPDUs on tagged ports go out untagged.
If you disable SSTP, all VLANs that were members of the single spanning tree run MSTP instead. In MSTP, each
VLAN has its own spanning tree. VLANs that were not members of the single spanning tree were not enabled for
STP. Therefore, STP remains disabled on those VLANs.
Enabling SSTP
To enable SSTP, use one of the following methods.
8 - 62 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
NOTE: If the device has only one port-based VLAN (the default VLAN), then the device is already running a
single instance of STP. In this case, you do not need to enable SSTP. You need to enable SSTP only if the device
contains more than one port-based VLAN and you want all the ports to be in the same STP broadcast domain.
NOTE: If the device has only one port-based VLAN, the CLI command for enabling SSTP is not listed in the CLI.
The command is listed only if you have configured a port-based VLAN.
To change a global STP parameter, enter a command such as the following at the global CONFIG level:
ProCurveRS(config) spanning-tree single priority 2
This command changes the STP priority for all ports to 2.
To change an STP parameter for a specific port, enter commands such as the following:
ProCurveRS(config) spanning-tree single ethernet 1/1 priority 10
The commands shown above override the global setting for STP priority and set the priority to 10 for port 1/1.
Here is the syntax for the global STP parameters.
Syntax: [no] spanning-tree single [forward-delay <value>]
[hello-time <value>] | [maximum-age <time>] | [priority <value>]
Here is the syntax for the STP port parameters.
Syntax: [no] spanning-tree single [ethernet <portnum> path-cost <value> | priority <value>]
NOTE: Both commands listed above are entered at the global CONFIG level.
June 2005 8 - 63
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
then the command output has three STP entries. To display information for VLANs 10 and 2024 only, enter show
span 1.
The detail parameter and its additional optional parameters display detailed information for individual ports. See
“Displaying Detailed STP Information for Each Interface” on page 8-14.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration
dialog is displayed.
2. Click on the Single checkbox next to Spanning Tree to place a checkmark in the box, as shown in the following
example.
SuperSpan™
SuperSpan is an HP STP enhancement that allows Service Providers (SPs) to use STP in both SP networks and
customer networks. The SP devices are HP devices and are configured to tunnel each customers' STP BPDUs
through the SP. From the customer's perspective, the SP network is a loop-free non-blocking device or network.
The SP network behaves like a hub in the sense that the necessary blocking occurs in the customer network, not
in the SP.
The HP interfaces that connect the SP to a customer's network are configured as SuperSpan boundary interfaces.
Each SuperSpan boundary interface is configured with a customer ID, to uniquely identify the customer's network
within SuperSpan.
8 - 64 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
Figure 8.26 shows an example SuperSpan implementation. In this example, an SP's network is connected to
multiple customers. Each customer network is running its own instance of standard STP. The HP devices in the
SP are running SuperSpan.
SuperSpan
root bridge
BLK
SP 2
Cust 2 Port 1/2 Port 2/2
In this example, the SP network contains two devices that are running SuperSpan. The SP is connected to two
customer networks. Each customer network is running its own instance of STP. SuperSpan prevents Layer 2
loops in the traffic flow with each customer while at the same time isolating each customer’s traffic and spanning
tree from the traffic and spanning trees of other customers. For example, the SP devices provide loop prevention
for Customer 1 while ensuring that Customer 1’s traffic is never forwarded to Customer 2. In this example,
customer 1 has two interfaces to the SP network, ports 1/1 and 1/2 connected to SP 1. The SP network behaves
like a non-blocking hub. BPDUs are tunneled through the network. To prevent a Layer 2 loop, customer 1’s port
1/2 enters the blocking state.
Customer ID
SuperSpan uses a SuperSpan customer ID to uniquely identify and forward traffic for each customer. You assign
the customer ID as part of the SuperSpan configuration of the HP devices in the SP. In Figure 8.26, the spanning
trees of customer 1 and customer 2 do not interfere with one another because the SP network isolates each
customer’s spanning tree based on the SuperSpan customer IDs in the traffic.
BPDU Forwarding
When an HP device receives a customer's BPDU on a boundary interface, the device changes the destination
MAC address of the BPDU from the bridge group address (01-80-c2-00-00-00) as follows:
• The first byte (locally administered bit) is changed from 01 to 03, to indicate that the BPDU needs to be
tunneled.
• The fourth and fifth bytes are changed to the customer STP ID specified on the boundary interface.
For example, if the customer's STP ID is 1, the destination MAC address of the customer's BPDUs is changed to
the following: 03-80-c2-00-01-00.
Each HP device that is configured for SuperSpan forwards the BPDU using the changed destination MAC
address. At the other end of the tunnel, the HP device connected to the customer's network changes the
destination MAC address back to the bridge group address (01-80-c2-00-00-00).
June 2005 8 - 65
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Preforwarding State
To ensure that the customer's network has time to converge at Layer 2 and prevent loops, the HP devices
configured for SuperSpan use a special forwarding state, Preforwarding. The Preforwarding state occurs between
the Learning and Forwarding states and by default lasts for five seconds. During the Preforwarding state, the HP
device forwards tunneled BPDUs from customers only and does not forward data traffic. This ensures that the
customer’s network will detect the Layer 2 loop and block a port. The SP network remains unblocked. After the
Preforwarding state, the HP ports change to the Forwarding state and forward data traffic as well as BPDUs.
The default length of the Preforwarding state is five seconds. You can change the length of the Preforwarding
state to a value from 3 – 30 seconds.
Figure 8.27 shows an example of how the Preforwarding state is used.
SuperSpan
root bridge
SP 1
FWD
FWD
Cust 1
FWD
BLK
In this example, a customer has two links to the SP. Since the SP is running SuperSpan, the SP ports enter the
Preforwarding state briefly to allow the customer ports connected to the SP to detect the Layer 2 loop and block
one of the ports.
NOTE: If you add a new device to a network that is already running SuperSpan, you must enable SuperSpan on
the new device, at least on the VLANs that will be tunneling the customer traffic. Otherwise, the new device does
not use the Preforwarding state. This can cause the wrong ports to be blocked.
8 - 66 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
NOTE: All the combinations listed above are supported when the boundary ports joining the SP SuperSpan
domain to the client spanning trees are untagged. For example, all these combinations are valid in super
aggregated VLAN configurations. If the boundary ports are tagged, you cannot use Single STP in the client
network in combination with multiple spanning trees in the SP SuperSpan domain.
2/2
R 10 R
100
1/1 2/1
Customer Provider
Region Region
3/1 2/1
R 20 R
200 2/2
Both the customer and SP regions are running multiple spanning trees (one per port-based VLAN) in the Layer 2
switched network. The customer network contains VLANs 10 and 20 while the SP network contains VLANs 100
and 200. Customer traffic from VLAN 10 and VLAN 20 is aggregated by VLAN 100 in the SP since the boundary
ports, 2/1 on R100 and R200, are untagged members of VLAN 100. By adjusting the bridge priority on VLANs 10
and 20, the customer can select a different root bridge for each spanning tree running in the customer network.
In the above example, STP in VLAN 10 will select R10 as the root bridge and make 1/1 on R10 forwarding while
blocking port 3/1 on R20. The opposite occurs for STP in VLAN 20. As a result, both links connecting the
customer and SP regions are fully utilized and serve as backup links at the same time, providing loop-free, non-
blocking connectivity. In the SP network, multiple STP instances are running (one for VLAN 100 and one for VLAN
200) to ensure loop-free, non-blocking connectivity in each VLAN.
SuperSPAN boundaries are configured at port 2/1 of R100 and R200. Since the customer’s traffic will be
aggregated into VLAN 100 at the SP, the SP network appears to the customer to be a loop-free non-blocking hub
to the customer network when port 2/2 on R200 is blocked by STP in VLAN 100.
Customer Uses Multiple Spanning Trees But SP Uses Single STP
Figure 8.29 shows an example of SuperSpan where the customer network uses multiple spanning trees while the
SP network uses Single STP.
June 2005 8 - 67
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Figure 8.29 Customer using multiple spanning trees and SP using Single STP
R 2/2
R 10 single
1/1 span
2/1
Customer Provider
Region Region
3/1 2/1
R 20 2/2
Customer traffic from different VLANs is maintained by different spanning trees, while the SP network is
maintained by a single spanning tree. The SP can still use multiple VLANs at the core to separate traffic from
different customers. However, all VLANs will have the same network topology because they are all calculated by
the single spanning tree. The loop-free, non-blocking network acts like a hub for the customer network, with
boundary ports 2/1 on each device being untagged members of VLAN 100.
Traffic from all VLANs in the customer network will be aggregated through VLAN 100 at the SP. This setup leaves
the customer network’s switching pattern virtually unchanged from the scenario in “Customer and SP Use Multiple
Spanning Trees” on page 8-67, since the SP network still is perceived as a virtual hub, and maintenance of the
hub's loop-free topology is transparent to the customer network.
Customer Uses Single STP But SP Uses Multiple Spanning Trees
Figure 8.30 shows an example of SuperSpan where the customer network uses Single STP while the SP uses
multiple spanning trees.
8 - 68 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
Figure 8.30 Customer using Single STP and SP using multiple spanning trees
R
single R 2/2
span 1/1 2/1 100
customer Provider
Region Region
3/1 2/1
R 2/2
200
In this setup, the customer network is running a single spanning tree for VLANs 10 and 20. The traffic from VLAN
10 and 20 will be carried, or aggregated by VLAN 100 at the SP’s network. The main difference between this
scenario and the previous tow scenarios is that all traffic at the customer’s network now follows the same path,
having the same STP root bridge in all VLANs. Therefore, the customer network will not have the ability to
maximize network utilization on all its links. On the other hand, loop-free, non-blocking topology is still separately
maintained by the customer network’s single spanning tree and the SP’s per-VLAN spanning tree on VLAN 100.
Customer and SP Use Single STP
Figure 8.31 shows an example of SuperSpan where the customer network and SP both use Single STP.
R R 2/2
single single
span 1/1 2/1 span
customer Provider
Region Region
3/1 2/1
2/2
In this setup, both the customer and SP networks are running a single spanning tree at Layer 2. The traffic from
VLAN 10 and 20 will be carried, or aggregated by VLAN 100 at the SP network as in the previous scenario. Loop-
free, non-blocking topology is still separately maintained by the customer's single spanning tree and the SP's
single spanning tree.
June 2005 8 - 69
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Configuring SuperSpan
To configure an HP device for SuperSpan:
• Configure each interface on the HP device that is connected to customer equipment as a boundary interface.
This step enables the interface to convert the destination MAC address in the customer's BPDUs.
The software requires you to specify a SuperSpan customer ID when configuring the boundary interface. Use
an ID from 1 – 65535. The customer ID uniquely identifies the customer. Use the same customer ID for each
SP interface with the same customer. When tunneling BPDUs through the HP network, the devices use the
customer ID to ensure that BPDUs are forwarded only to the customer's devices, and not to other customers'
devices.
• Globally enable SuperSpan. This step enables the Preforwarding state.
Configuring a Boundary Interface
To configure the boundary interfaces on SP 1 in Figure 8.26 on page 8-65, enter the following commands:
ProCurveRS(config)# interface 1/1
ProCurveRS(config-if-e1000-1/1)# stp-boundary 1
ProCurveRS(config)# interface 1/2
ProCurveRS(config-if-e1000-1/2)# stp-boundary 2
These commands configure two interfaces on the HP device as SuperSpan boundary interfaces. Interface
1/1 is a boundary interface with customer 1. Interface 1/2 is a boundary interface with customer 2. Each
boundary interface is associated with a number, which is the SuperSpan ID. The SuperSpan ID identifies the
instance of SuperSpan you are associating with the interface. Use the same SuperSpan ID for each boundary
interface with the same customer. Use a different SuperSpan ID for each customer. For example, use SuperSpan
ID 1 for all the boundary interfaces with customer 1 and use SuperSpan ID 2 for all boundary interfaces with
customer 2.
Syntax: [no] stp-boundary <num>
The <num> parameter specifies the SuperSpan ID. You can specify a number from 1 – 65535.
To configure the boundary interfaces on SP 2 in Figure 8.26 on page 8-65, enter the following commands:
ProCurveRS(config)# interface 2/1
ProCurveRS(config-if-e1000-2/1)# stp-boundary 1
ProCurveRS(config)# interface 2/2
ProCurveRS(config-if-e1000-2/2)# stp-boundary 2
Enabling SuperSpan
After you configure the SuperSpan boundary interfaces, enable SuperSpan. You can enable SuperSpan globally
or on an individual VLAN level. If you enable the feature globally, the feature is enabled on all VLANs.
NOTE: If you enable the feature globally, then create a new VLAN, the new VLAN inherits the global SuperSpan
state. For example, if SuperSpan is globally enabled when you create a VLAN, SuperSpan also is enabled in the
new VLAN.
You also can change the length of the Preforwarding state to a value from 3 – 30 seconds. The default is 5
seconds.
To globally enable SuperSpan, enter the following command:
ProCurveRS(config)# super-span-global
Syntax: [no] super-span-global [preforward-delay <secs>]
The <secs> parameter specifies the length of the Preforwarding state. You can specify from 3 – 30 seconds. The
default is 5 seconds.
SuperSpan is enabled in all VLANs on the device. To disable SuperSpan in an individual VLAN, enter commands
such as the following:
ProCurveRS(config)# vlan 10
8 - 70 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
ProCurveRS(config-vlan-10)# no super-span
Syntax: [no] super-span
Displaying SuperSpan Information
To display the boundary interface configuration and BPDU statistics, enter the following command:
ProCurveRS(config)# show super-span
CID 1 Boundary Ports:
Port C-BPDU C-BPDU T-BPDU T-BPDU
Rxed Txed Rxed Txed
1/1 1 0 0 0
1/2 0 0 0 0
Total 1 0 0 0
C-BPDU Rxed The number of BPDUs received from the client spanning tree.
C-BPDU Txed The number of BPDUs sent to the client spanning tree.
T-BPDU Rxed The number of BPDUs received from the SuperSpan tunnel.
To display general STP information, see “Displaying STP Information” on page 8-8.
June 2005 8 - 71
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
STP per VLAN group allows you to group VLANs and apply the same STP parameter settings to all the VLANs in
the group. Figure 8.32 shows an example of a STP per VLAN group implementation.
Member
VLAN 3
STP group 1
Master VLAN 2
Member Member VLAN 3
VLAN 4 Member VLAN 4
STP priority 1
A master VLAN contains one or more member VLANs. Each of the member VLANs in a master VLAN runs the
same instance of STP and uses the STP parameters configured for the master VLAN. In this example, the HP
device is configured with VLANs 3, 4, 13, and 14. VLANs 3 and 4 are grouped in master VLAN 2, which is in STP
group 1. VLANs 13 and 14 are grouped in master VLAN 12, which is in STP group 2. The VLANs in STP group 1
all share the same spanning tree. The VLANs in STP group 2 share a different spanning tree.
All the ports in the VLANs are tagged. The ports must be tagged so that they can be in both a member VLAN and
the member's master VLAN. For example, ports 1/1 – 1/4 are in member VLAN 3 and also in master VLAN 2
(since master VLAN 2 contains member VLAN 3).
STP Load Balancing
Notice that the STP groups each have different STP priorities. In configurations that use the STP groups on
multiple devices, you can use the STP priorities to load balance the STP traffic. By setting the STP priorities for
the same STP group to different values on each device, you can cause each of the devices to be the root bridge
for a different STP group. This type of configuration distributes the traffic evenly across the devices and also
ensures that ports that are blocked in one STP group’s spanning tree are used by another STP group’s spanning
tree for forwarding. See “Configuration Example for STP Load Sharing” on page 8-74 for an example using STP
load sharing.
Configuring STP per VLAN Group
To configure STP per VLAN group:
• Configure the member VLANs.
• Optionally, configure master VLANs to contain the member VLANs. This is useful when you have a lot of
member VLANs and you do not want to individually configure STP on each one. Each of the member VLANs
in a master VLAN uses the STP settings of the master VLAN.
• Configure the STP groups. Each STP group runs a separate instance of STP.
Here are the CLI commands for implementing the STP per VLAN group configuration shown in Figure 8.32. The
following commands configure the member VLANs (3, 4, 13, and 14) and the master VLANs (2 and 12). Notice
that changes to STP parameters are made in the master VLANs only, not in the member VLANs.
ProCurveRS(config)# vlan 2
ProCurveRS(config-vlan-2)# spanning-tree priority 1
ProCurveRS(config-vlan-2)# tagged ethernet 1/1 ethernet to 1/4
ProCurveRS(config-vlan-2)# vlan 3
ProCurveRS(config-vlan-3)# tagged ethernet 1/1 ethernet to 1/4
ProCurveRS(config-vlan-3)# vlan 4
ProCurveRS(config-vlan-4)# tagged ethernet 1/1 ethernet to 1/4
ProCurveRS(config-vlan-4)# vlan 12
8 - 72 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
NOTE: If you delete the master VLAN from an STP group, the software automatically assigns the first member
VLAN in the group to be the new master VLAN for the group.
NOTE: This command is optional and is not used in the example above. For an example of this command, see
“Configuration Example for STP Load Sharing”.
June 2005 8 - 73
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Member VLANs
2 - 200
FWD 1
Member VLANs
3802 - 4000
BLK 1
In this example, each of the devices in the core is configured with a common set of master VLANs, each of which
contains one or more member VLANs. Each of the member VLANs in a master VLAN runs the same instance of
STP and uses the STP parameters configured for the master VLAN.
The STP group ID identifies the STP instance. All VLANs within an STP group run the same instance of STP. The
master VLAN specifies the bridge STP parameters for the STP group, including the bridge priority. In this
example, each of the devices in the core is configured to be the default root bridge for a different master VLAN.
This configuration ensures that each link can be used for forwarding some traffic. For example, all the ports on the
root bridge for master VLAN 1 are configured to forward BPDUs for master VLAN’s spanning tree. Ports on the
other devices block or forward VLAN 1’s traffic based on STP convergence. All the ports on the root bridge for
VLAN 2 forward VLAN 2’s traffic, and so on.
All the ports in the VLANs are tagged. The ports must be tagged so that they can be in both a member VLAN and
the member's master VLAN. For example, port 1/1 – and ports 5/1, 5/2, and 5/3 are in member VLAN 2 and
master VLAN 1 (since master VLAN a contains member VLAN 2).
Here are the commands for configuring the root bridge for master VLAN 1 in figure Figure 8.32 for STP per VLAN
group. The first group of commands configures the master VLANs. Notice that the STP priority is set to a different
value for each VLAN. In addition, the same VLAN has a different STP priority on each device. This provides load
balancing by making each of the devices a root bridge for a different spanning tree.
ProCurveRS(config)# vlan 1
ProCurveRS(config-vlan-1)# spanning-tree priority 1
ProCurveRS(config-vlan-1)# tag ethernet 1/1 ethernet 5/1 to 5/3
ProCurveRS(config-vlan-1)# vlan 201
ProCurveRS(config-vlan-201)# spanning-tree priority 2
ProCurveRS(config-vlan-201)# tag ethernet 1/2 ethernet 5/1 to 5/3
ProCurveRS(config-vlan-201)# vlan 401
ProCurveRS(config-vlan-401)# spanning-tree priority 3
ProCurveRS(config-vlan-401)# tag ethernet 1/3 ethernet 5/1 to 5/3
...
ProCurveRS(config-vlan-3601)# vlan 3801
8 - 74 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
PVST/PVST+ Compatibility
The following sections describe the Per VLAN Spanning Tree (PVST) and PVST+ compatibility features on HP
devices. Use the section that matches the software release you are using:
• For release 07.6.04 and later, see “PVST/PVST+ Compatibility – 07.6.04 and Later”.
• For releases 07.1.10 – 07.6.00, see “PVST/PVST+ Compatibility – Earlier Than 07.6.01b” on page 8-81.
1.Cisco user documentation for PVST/PVST+ refers to the IEEE 802.1Q spanning tree as the Common
Spanning Tree (CST).
June 2005 8 - 75
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Previous releases allow an HP device to interoperate with IEEE 802.1Q devices only when the HP device is
configured for Single STP (SSTP). In this case, the HP device is operating as an IEEE 802.1Q device but cannot
run multiple spanning trees. The current release and previous releases allow the HP device to interoperate with
PVST when the HP device is configured for MSTP.
NOTE: HP ports automatically detect PVST+ BPDUs and enable support for the BPDUs once detected. You do
not need to perform any configuration steps to enable PVST+ support. However, to support the IEEE 802.1Q
BPDUs, you might need to enable dual-mode support.
HP’s support for Cisco's Per VLAN Spanning Tree plus (PVST+), allows an HP device to run multiple spanning
trees (MSTP) while also interoperating with IEEE 802.1Q devices. HP ports automatically detect PVST+ BPDUs
and enable support for the BPDUs once detected. The enhancement allows a port that is in PVST+ compatibility
mode due to auto-detection to revert to the default MSTP mode when one of the following events occurs:
• The link is disconnected or broken
• The link is administratively disabled
• The link is disabled by interaction with the link-keepalive protocol
This enhancement allows a port that was originally interoperating with PVST+ to revert to MSTP when connected
to an HP device.
8 - 76 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
Do not
connect
PVST Region
NOTE: Support for the IEEE 802.1Q spanning tree always uses VLAN 1, regardless of whether the devices are
configured to use tagged or untagged frames on the VLAN.
1.Cisco PVST/PVST+ documentation refers to the Default VLAN as the Default Native VLAN.
June 2005 8 - 77
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: If you disable PVST+ support, the software still automatically enables PVST+ support if the port receives
a BPDU with PVST+ format.
NOTE: This command is present in earlier releases but the output format has been changed to reflect the feature
enhancements.
8 - 78 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
Method The method by which PVST+ support was enabled on the port. The
method can be one of the following:
• Set by configuration – You enabled the support.
• Set by auto-detect – The support was enabled automatically
when the port received a PVST+ BPDU.
Configuration Examples
The following examples show configuration examples for two common configurations:
• Untagged IEEE 802.1Q BPDUs on VLAN 1 and tagged PVST+ BPDUs on other VLANs
• Tagged IEEE 802.1Q BPDUs on VLAN 1 and untagged BPDUs on another VLAN
Tagged Port Using Default VLAN 1 as its Port Native VLAN
Figure 8.36 shows an example of a PVST+ configuration that uses VLAN 1 as the untagged default VLAN and
VLANs 2, 3, and 4 as tagged VLANs.
Cisco
device
Port 1/1 Port 3/2
June 2005 8 - 79
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Cisco
device
Port 1/1 Port 3/2
NOTE: Although VLAN 2 becomes the port’s untagged VLAN, the CLI still requires that you add the port to the
VLAN as a tagged port, since the port is a member of more than one VLAN.
8 - 80 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
In the configuration above, all PVST BPDUs associated with VLAN 1 would be discarded. Since IEEE BPDUs
associated with VLAN 1 are untagged, they are discarded because the ports in VLAN 1 are tagged. Effectively,
the BPDUs are never processed by the Spanning Tree Protocol. STP assumes that there is no better bridge on the
network and sets the ports to FORWARDING. This could cause a Layer 2 loop.
The following configuration is correct:
ProCurveRS(config)# default-vlan-id 1000
ProCurveRS(config)# vlan 1
ProCurveRS(config-vlan-1)# tagged ethernet 1/1 to 1/2
ProCurveRS(config-vlan-1)# exit
ProCurveRS(config)# interface ethernet 1/1
ProCurveRS(config-if-1/1)# pvst-mode
ProCurveRS(config-if-1/1)# dual-mode
ProCurveRS(config-if-1/1)# exit
ProCurveRS(config)# interface ethernet 1/2
ProCurveRS(config-if-1/2)# pvst-mode
ProCurveRS(config-if-1/2)# dual-mode
ProCurveRS(config-if-1/2)# exit
Setting the ports as dual-mode ensures that the untagged IEEE 802.1Q BPDUs reach the VLAN 1 instance.
NOTE: If you plan to use the PVST/PVST+ support, do not use VLAN 1. PVST+ uses VLAN 1 as a single STP
broadcast domain and thus uses a different BPDU format than for other VLANs.
PVST
Each spanning tree (that is, each instance of STP) has one device called the root bridge. The root bridge is the
control point for the spanning tree, and sends STP status and topology change information to the other devices in
the spanning tree by sending BPDUs to the other devices. The other devices forward the BPDUs as needed.
The format of an STP BPDU differs depending on whether it is a Cisco PVST BPDU or an HP BPDU. HP and
Cisco devices also can support single STP BPDUs, which use another format.
• An HP device configured with a separate spanning tree in each VLAN sends BPDUs in standard IEEE 802.1D
format, but includes a proprietary four-byte tag. The tag identifies the VLAN the BPDU is for.
• A Cisco device configured for PVST sends the BPDUs to multicast MAC address 01-00-0C-CC-CC-CD. If the
device is configured for PVST+, then the device sends BPDUs for all VLANs except VLAN 1 to 01-00-0C-CC-
CC-CD. The device sends BPDUs in VLAN 1 to 01-80-C2-00-00-00, the single STP address (see below and
“PVST+”).
• An HP device configured for single STP (IEEE 802.1Q) sends untagged BPDUs to the well-known STP MAC
address 01-80-C2-00-00-00.
NOTE: Cisco devices can be configured to interoperate with devices that support IEEE 802.1Q single STP, but
the devices cannot be configured to run single STP.
June 2005 8 - 81
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
HP’s PVST support enables HP and Cisco devices that have separate spanning trees in each VLAN to
interoperate. The HP PVST support is automatically enabled when a port receives a PVST BPDU and does not
require configuration on the HP or Cisco device.
When PVST is enabled on an HP port, that port sends BPDUs in PVST format instead of HP’s spanning tree
format.
PVST+
HP devices and Cisco devices support separate spanning trees on an individual port-based VLAN basis.
However, until the IEEE standard for multiple spanning trees is finalized, vendors are using different methods to
support multiple spanning trees within their own products. PVST+ is an extension to PVST that enables a Cisco
device to interoperate with other devices that are running a single spanning tree (IEEE 802.1Q) while still running
a separate spanning tree in each VLAN.
PVST+ uses 802.1Q single STP BPDUs on VLAN 1 and PVST BPDUs (which have a proprietary format) for other
VLANs. In this case, the Cisco device uses devices running 802.1Q as tunnels for PVST (non-802.1Q) traffic.
The 802.1Q single STP BPDUs are addressed to the well-known STP MAC address 01-80-C2-00-00-00. The
PVST BPDUs for the other VLANs are addressed to multicast address 01-00-0C-CC-CC-CD.
The PVST+ method can require manual configuration of STP parameters on the 802.1Q devices to ensure that
traffic for the PVST VLANs is not blocked. In addition, the opportunities to adjust STP parameters to load balance
traffic on a VLAN basis are limited when using PVST+.
Using HP Single STP with Cisco PVST+
Since HP’s single STP feature complies with IEEE 802.1Q (the single STP specification), you also can use an HP
device running single STP to interoperate with a Cisco device running PVST+. When you enable single STP on
an HP device, the PVST compatibility feature is not enabled, even if a port receives a PVST BPDU.
Enabling PVST/PVST+ Statically
PVST/PVST+ support is automatically enabled on a port if the port receives a BPDU in PVST/PVST+ format.
However, you can statically enable PVST/PVST+ support on a port if desired. In this case, the support is enabled
immediately and support for HP tagged BPDUs is disabled at the same time. To enable the PVST/PVST+
support, use the following CLI method.
NOTE: When PVST/PVST+ support is enabled on a port, support for HP BPDUs is disabled.
NOTE: If you disable PVST/PVST+ support, the software still automatically enables PVST/PVST+ support if the
port receives an STP BPDU with PVST/PVST+ format.
8 - 82 June 2005
Configuring Spanning Tree Protocol (STP) and Advanced STP Features
PVST cfg. Whether PVST support is statically enabled on the port. The value
can be one of the following:
• 0 – The support has not been statically enabled.
• 1 – The support has been statically enabled.
PVST on (by cfg. or detect) Whether PVST/PVST+ support is active on the port. The value can
be one of the following:
• 0 – PVST/PVST+ support is not enabled.
• 1 – PVST/PVST+ support is enabled, either because you
statically enabled the support or because the port received an
STP BPDU with PVST/PVST+ format.
June 2005 8 - 83
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
8 - 84 June 2005
Chapter 9
Configuring Uni-Directional Link Detection (UDLD)
Uni-directional Link Detection (UDLD) monitors a link between two HP devices and brings the ports on both ends
of the link down if the link goes down at any point between the two devices. This feature is useful for links that are
individual ports and for trunk links. Figure 9.1 shows an example.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
X
Normally, an HP device load balances traffic across the ports in a trunk group. In this example, each HP device
load balances traffic across two ports. Without the UDLD feature, a link failure on a link that is not directly
attached to one of the HP devices is undetected by the HP devices. As a result, the HP devices continue to send
traffic on the ports connected to the failed link.
When UDLD is enabled on the trunk ports on each HP device, the devices detect the failed link, disable the ports
connected to the failed link, and use the remaining ports in the trunk group to forward the traffic.
Ports enabled for UDLD exchange proprietary health-check packets once every second (the keepalive interval). If
a port does not receive a health-check packet from the port at the other end of the link within the keepalive
interval, the port waits for two more intervals. If the port still does not receive a health-check packet after waiting
for three intervals, the port concludes that the link has failed and takes the port down.
Configuration Considerations
• The feature is supported only on Ethernet ports.
• To configure UDLD on a trunk group, you must configure the feature on each port of the group individually.
Configuring UDLD on a trunk group’s primary port enables the feature on that port only.
• Dynamic trunking is not supported. If you want to configure a trunk group that contains ports on which UDLD
is enabled, you must remove the UDLD configuration from the ports. After you create the trunk group, you
can re-add the UDLD configuration.
Configuring UDLD
To enable UDLD on a port, enter a command such as the following at the global CONFIG level of the CLI:
ProCurveRS(config)# link-keepalive ethernet 1/1
Syntax: [no] link-keepalive ethernet <portnum> [ethernet <portnum>]
To enable the feature on a trunk group, enter commands such as the following:
ProCurveRS(config)# link-keepalive ethernet 1/1 ethernet 1/2
ProCurveRS(config)# link-keepalive ethernet 1/3 ethernet 1/4
These commands enable UDLD on ports 1/1 – 1/4. You can specify up to two ports on the same command line.
This commands enables UDLD on port 1/18 and allows UDLD control packet tagged with VLAN 22 to be received
and sent on port 1/18.
Syntax: [no] link-keepalive ethernet <portnum> [vlan <vlan-ID>]
Enter the slot number (if applicable) and the port number of the Ethernet port.
Enter the ID of the VLAN that the UDLD control packets can contain to be received and sent on the port. If a
VLAN ID is not specified, then UDLD control packets are sent out of the port as untagged packets.
NOTE: You must configure the same VLANs that will be used for UDLD on all devices across the network;
otherwise, the UDLD link cannot be maintained.
Total link-keepalive enabled ports The total number of ports on which UDLD is enabled.
Keepalive Retries The number of times a port will attempt the health check before
concluding that the link is down.
Physical Link The state of the physical link. This is the link between the HP port and
the directly connected device.
Logical Link The state of the logical link. This is the state of the link between this
HP port and the HP port on the other end of the link.
If a port is disabled by UDLD, the change also is indicated in the output of the show interfaces brief command.
Here is an example:
Port Link State Dupl Speed Trunk Tag Priori MAC Name
1/1 Up LK-DISABLENone None None No level0 00e0.52a9.bb00
1/2 Down None None None None No level0 00e0.52a9.bb01
1/3 Down None None None None No level0 00e0.52a9.bb02
1/4 Down None None None None No level0 00e0.52a9.bb03
If the port was already down before you enabled UDLD for the port, the port’s state is listed as None.
Syntax: show interface brief
Beginning with Enterprise software release 07.6.06, the show link-keepalive command shows the following:
The Link-vlan entry shows the ID of the tagged VLAN in the UDLD packet.
Syntax: show link-keepalive ethernet
Current State The state of the logical link. This is the link between this HP port and
the HP port on the other end of the link.
Remote MAC Addr The MAC address of the port or device at the remote end of the logical
link.
Remote Port The port number on the HP device at the remote end of the link.
Local System ID A unique value that identifies this HP device. The ID can be used by
HP technical support for troubleshooting.
Remote System ID A unique value that identifies the HP device at the remote end of the
link.
Packets sent The number of UDLD health-check packets sent on this port.
Packets received The number of UDLD health-check packets received on this port.
Transitions The number of times the logical link state has changed between up
and down.
The show interface ethernet <portnum> command also displays the UDLD state for an individual port. In
addition, the line protocol state listed in the first line will say “down” if UDLD has brought the port down. Here is an
example:
In this example, the port has been brought down by UDLD. Notice that in addition to the information in the first
line, the port state on the fourth line of the display is listed as DISABLED.
This command clears the Packets sent, Packets received, and Transitions counters in the show link keepalive
ethernet <portnum> display.
Topology Groups
A topology group is a named set of VLANs that share a Layer 2 topology. Topology groups simplify configuration
and enhance scalability of Layer 2 protocols by allowing you to run a single instance of a Layer 2 protocol on
multiple VLANs.
You can use topology groups with the following Layer 2 protocols:
• STP
• MRP
• VSRP
• 802.1W
Topology groups simplify Layer 2 configuration and provide scalability by enabling you to use the same instance of
a Layer 2 protocol for multiple VLANs. For example, if an HP device is deployed in a Metro network and provides
forwarding for two MRP rings that each contain 128 VLANs, you can configure a topology group for each ring. If a
link failure in a ring causes a topology change, the change is applied to all the VLANs in the ring’s topology group.
Without topology groups, you would need to configure a separate ring for each VLAN.
June 2005 10 - 1
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: If you plan to use a configuration saved under an earlier software release and the configuration contains
STP groups, the CLI converts the STP groups into topology groups when you save the configuration under
software release 07.6.01b. For backward compatibility, you can still use the STP group commands. However, the
CLI converts the commands into the topology group syntax. Likewise, the show stp-group command displays
STP topology groups.
NOTE: Since free ports are not controlled by the master port’s Layer 2 protocol, they are assumed to always
be in the Forwarding state.
Configuration Considerations
• You can configure up to 256 topology groups. Each group can control up to 4096 VLANs. A VLAN cannot be
controlled by more than one topology group.
• You must configure the master VLAN and member VLANs or member VLAN groups before you configure the
topology group.
• The topology group must contain a master VLAN and can also contain individual member VLANs, VLAN
groups, or a combination of individual member VLANs and VLAN groups.
• Once you add a VLAN as a member of a topology group, all the Layer 2 protocol information on the VLAN is
deleted.
10 - 2 June 2005
Configuring Metro Features
NOTE: If you remove the master VLAN (by entering no master-vlan <vlan-id>), the software selects the next-
highest numbered member VLAN as the new master VLAN. For example, if you remove master VLAN 2 from the
example above, the CLI converts member VLAN 3 into the new master VLAN. The new master VLAN inherits the
Layer 2 protocol settings of the older master VLAN.
NOTE: If you add a new master VLAN to a topology group that already has a master VLAN, the new master
VLAN replaces the older master VLAN. All member VLANs and VLAN groups follow the Layer 2 protocol settings
of the new master VLAN.
NOTE: Once you add a VLAN or VLAN group as a member of a topology group, all the Layer 2 protocol
configuration information for the VLAN or group is deleted. For example, if STP is configured on a VLAN and you
add the VLAN to a topology group, the STP configuration is removed from the VLAN. Once you add the VLAN to
a topology group, the VLAN uses the Layer 2 protocol settings of the master VLAN.
If you remove a member VLAN or VLAN group from a topology group, you will need to reconfigure the Layer 2
protocol information in the VLAN or VLAN group.
June 2005 10 - 3
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
This example shows STP information for VLAN 4. The line shown in bold type indicates that the VLAN’s STP
configuration is controlled by VLAN 2. This information indicates that VLAN 4 is a member of a topology group
and VLAN 2 is the master VLAN in that topology group.
Displaying Topology Group Information
To display topology group information, enter the following command:
ProCurveRS(config)# show topology-group
Topology Group 3
=================
master-vlan 2
member-vlan none
master-vlan The master VLAN for the topology group. The settings for STP, MRP,
or VSRP on the control ports in the master VLAN apply to all control
ports in the member VLANs within the topology group.
Common control ports The master VLAN ports that are configured with Layer 2 protocol
information. The Layer 2 protocol configuration and state of these
ports in the master VLAN applies to the same port numbers in all the
member VLANs.
L2 protocol The Layer 2 protocol configured on the control ports. The Layer 2
protocol can be one of the following:
• MRP
• STP
• VSRP
10 - 4 June 2005
Configuring Metro Features
Per vlan free ports The ports that are not controlled by the Layer 2 protocol information in
the master VLAN.
The Metro Ring Protocol (MRP) is an HP proprietary protocol that prevents Layer 2 loops and provides fast
reconvergence in Layer 2 ring topologies. It is an alternative to STP and is especially useful in Metropolitan Area
Networks (MANs) where using STP has the following drawbacks:
• STP allows a maximum of seven nodes. Metro rings can easily contain more nodes than this.
• STP has a slow reconvergence time, taking many seconds or even minutes. MRP can detect and heal a
break in the ring in sub-second time.
Figure 10.1 shows an example of an MRP metro ring.
Customer A
F F
Switch B
F F
F F
Switch C Switch A Master
Node
Customer A Customer A
This interface blocks
F Layer 2 traffic B
to prevent a loop
Switch D
F F
Customer A
The ring in this example consists of four MRP nodes (ProCurve Routing Switches). Each node has two interfaces
with the ring. Each node also is connected to a separate customer network. The nodes forward Layer 2 traffic to
and from the customer networks through the ring. The ring interfaces are all in one port-based VLAN. Each
customer interface can be in the same VLAN as the ring or in a separate VLAN.
June 2005 10 - 5
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
One node, is configured as the master node of the MRP ring. One of the two interfaces on the master node is
configured as the primary interface; the other is the secondary interface. The primary interface originates Ring
Health Packets (RHPs), which are used to monitor the health of the ring. An RHP is forwarded on the ring to the
next interface until it reaches the secondary interface of the master node. The secondary interface blocks the
packet to prevent a Layer 2 loops.
NOTE: When you configure MRP, HP recommends that you disable one of the ring interfaces before beginning
the ring configuration. Disabling an interface prevents a Layer 2 loop from occurring while you are configuring
MRP on the ring nodes. Once MRP is configured and enabled on all the nodes, you can re-enable the interface.
Master
node
Ring 1 Ring 2
port 1/2 port 4/2
Master
node
Ring 3
In this example, two nodes are each configured with two MRP rings. Any node in a ring can be the master for its
ring. A node also can be the master for more than one ring.
10 - 6 June 2005
Configuring Metro Features
Support for MRP Phase 2 has been added to Enterprise software release 07.7.00 and later. With MRP Phase 2,
MRP rings can be configured to share the same interfaces as long as the interfaces belong to the same VLAN.
Figure 10.3 shows examples of multiple MRP rings that share the same interface.
Example 1 Example 2
S1
port 1/1
VLAN 2
Ring 1 Ring 2
S1 port 2/2
VLAN 2
port 1/1 S2
S1
VLAN 2
Ring 1 Ring 2
port 2/2
VLAN 2
S3
S1 S4
S2
Ring 3
On each node that will participate in the ring, you specify the ring’s ID and the interfaces that will be used for ring
traffic. In a multiple ring configuration, a ring’s ID determines its priority. The lower the ring ID, the higher priority of
a ring.
A ring’s ID is also used to identify the interfaces that belong to a ring.
Figure 10.4 Interface IDs and Types on Rings with Shared Interfaces
1 1 2 2
T 2
1
S1
1 1, 2 port 1/1 2
Ring 1 Ring 2
1 1, 2 port 2/2 2
S2
1 T 2
1 1 2 2
C = customer port
For example, in Figure 10.4, the ID of all interfaces on all nodes on Ring 1 is 1 and all interfaces on all nodes on
Ring 2 is 2. Port 1/1 on node S1 and Port 2/2 on S2 have the IDs of 1 and 2 since the interfaces are shared by
Rings 1 and 2.
The ring’s ID is also used to determine an interface’s priority. Generally, a ring’s ID is also the ring’s priority and the
priority of all interfaces on that ring. However, if the interface is shared by two or more rings, then the highest
priority (lowest ID) becomes the priority of the interface. For example, in Figure 10.4, all interfaces on Ring 1,
except for Port 1/1 on node S1 and Port 2/2 on node S2 have a priority of 1. Likewise, all interfaces on Ring 2,
June 2005 10 - 7
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
except for Port 1/1 on node S1 and Port 2/2 on node S2 have a priority of 2. Port 1/1 on S1 and Port 2/2 on S2
have a priority of 1 since 1 is the highest priority (lowest ID) of the rings that share the interface.
If a node has interfaces that have different IDs, the interfaces that belong to the ring with the highest priority
become regular ports. Those interfaces that do not belong to the ring with the highest priority become tunnel
ports. In Figure 10.4, nodes S1 and S2 have interfaces that belong to Rings 1 and 2. Those interfaces with a
priority of 1 are regular ports. The interfaces with a priority of 2 are the tunnel ports since they belong to Ring 2,
which has a lower priority than Ring 1.
Selection of Master Node on Shared Interfaces
Allowing MRP rings to share interfaces limits the nodes that can be designated as the master node. Any node on
an MRP ring that does not have a shared interface can be designated as the ring’s master node. However, if all
nodes on the ring have shared interfaces, nodes that do not have tunnel ports can be designated as the master
node of that ring. If none of the nodes meet these criteria, you must change the rings’ priorities by reconfiguring
the rings’ ID.
In Figure 10.4, any of the nodes on Ring 1, even S1 or S2, can be a master node since none of its interfaces are
tunnel ports. However in Ring 2, neither S1 nor S2 can be a master node since these nodes contain tunnel ports.
Ring Initialization
The ring shown in Figure 10.1 shows the port states in a fully initialized ring without any broken links. Figure 10.5
shows the initial state of the ring, when MRP is first enabled on the ring’s switches. All ring interfaces on the
master node and member nodes begin in the Preforwarding state (PF).
Customer A
PF PF
Switch B
PF PF
All ports start in
Preforwarding state.
F F
Switch C Switch A Master
Primary port on Master
Node
node sends RHP 1
Customer A Customer A
PF PF
Switch D
PF PF
Customer A
MRP uses Ring Health Packets (RHPs) to monitor the health of the ring. An RHP is an MRP protocol packet. The
source address is the MAC address of the master node and the destination MAC address is a protocol address for
MRP. The Master node generates RHPs and sends them on the ring. The state of a ring port depends on the
RHPs.
10 - 8 June 2005
Configuring Metro Features
Customer A RHP 2
PF F
Switch B
PF Secondary port F
receives RHP 1
and changes to
F F
Switch C Blocking Switch A Master
Node
Primary port then
Customer A sends RHP 2 with Customer A
PF B
forwarding bit on
Switch D
PF PF
Customer A
June 2005 10 - 9
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Each RHP also has a sequence number. MRP can use the sequence number to determine the round-trip time for
RHPs in the ring. See “Using MRP Diagnostics” on page 10-15.
Figure 10.7 shows an example of how RHP packets are processed normally in MRP rings with shared interfaces.
Figure 10.7 Flow of RHP packets on MRP Rings with Shared Interfaces
1 1 2 2
1 T 2
S1
(secondary interface) port 2/2 1 1,2 2 port 3/2 (secondary interface)
Master node Ring 1 Ring 2 Master node
(primary interface) port 2/1 1 1,2 2 port 3/1 (primary interface)
S2
1 T 2
1
S3
1 2 S4 2
Port 2/1 on Ring 1’s master node is the primary interface of the master node. The primary interface forwards an
RHP packet on the ring. Since all the interfaces on Ring 1 are regular ports, the RHP packet is forwarded to all the
interfaces until it reaches Port 2/2, the secondary interface of the master node. Port 2/2 then blocks the packet to
complete the process.
On Ring 2, Port 3/1, is the primary interface of the master node. It sends an RHP packet on the ring. Since all
ports on S4 are regular ports, the RHP packet is forwarded on those interfaces. When the packet reaches S2, the
receiving interface is a tunnel port. The port compares the packet’s priority to its priority. Since the packet’s priority
is the same as the tunnel port’s priority, the packet is forwarded up the link shared by Rings 1 and 2.
When the RHP packet reaches the interface on node S2 shared by Rings 1 and 2, the packet is forwarded since its
priority is less than the interface’s priority. The packet continues to be forwarded to node S1 until it reaches the
tunnel port on S1. That tunnel port determines that the RHP packet’s priority is equal to the port’s priority and
forwards the packet. The RHP packet is forwarded to the remaining interfaces on Ring 2 until it reaches port 3/2,
the secondary interface of the master node. Port 3/2 then blocks the packet to prevent a loop.
When the RHP packet from Ring 2 reached S2, it was also forwarded from S2 to S3 on Ring 1 since the port on
S2 has a higher priority than the RHP packet. The packets is forwarded around Ring 1 until it reaches port 2/2,
Ring 1’s the secondary port. The RHP packet is then blocked by that port.
10 - 10 June 2005
Configuring Metro Features
F F
Switch B
F F
F F
Switch C Switch A Master
Node
Customer A Customer A
F
Switch D
Customer A
If a break in the ring occurs, MRP heals the ring by changing the states of some of the ring interfaces.
• Blocking interface – The Blocking interface on the Master node has a dead timer. If the dead time expires
before the interface receives one of its ring’s RHPs, the interface changes state to Preforwarding. Once the
secondary interface changes state to Preforwarding:
• If the interface receives an RHP, the interface changes back to the Blocking state and resets the dead
timer.
• If the interface does not receive an RHP for its ring before the Preforwarding time expires, the interface
changes to the Forwarding state, as shown in Figure 10.8.
• Forwarding interfaces – Each member interface remains in the Forwarding state.
When the broken link is repaired, the link’s interfaces come up in the Preforwarding state, which allows RHPs to
travel through the restored interfaces and reach the secondary interface on the Master node.
• If an RHP reaches the Master node’s secondary interface, the ring is intact. The secondary interface changes
to Blocking. The Master node sets the forwarding bit on in the next RHP. When the restored interfaces
receive this RHP, they immediately change state to Forwarding.
• If an RHP does not reach the Master node’s secondary interface, the ring is still broken. The Master node
does not send an RHP with the forwarding bit on. In this case, the restored interfaces remain in the
Preforwarding state until the preforwarding timer expires, then change to the Forwarding state.
If the link between shared interfaces breaks (Figure 10.9), the secondary interface on Ring 1’s master node
changes to a preforwarding state. The RHP packet sent by port 3/1 on Ring 2 is forwarded through the interfaces
on S4, then to S2. The packet is then forwarded through S2 to S3, but not from S2 to S1 since the link between the
two nodes is not available. When the packet reaches Ring 1’s master node, the packet is forwarded through the
secondary interface since it is currently in a preforwarding state. A secondary interface in preforwarding mode
ignores any RHP packet that is not from its ring. The secondary interface changes to blocking mode only when the
RHP packet forwarded by its primary interface is returned.
June 2005 10 - 11
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
The packet then continues around Ring 1, through the interfaces on S1 to Ring 2 until it reaches Ring 2’s master
node. Port 3/2, the secondary interface on Ring 2 changes to blocking mode since it received its own packet, then
blocks the packet to prevent a loop.
Figure 10.9 Flow of RHP packets when a link for shared interfaces brakes
1 1 2 2
1 T 2
port 2/2 changes S1
to preforwarding 1 1,2 2 port 3/2
Master node
(primary interface) port 2/1 1
Ring 1
X1,2
Ring 2 Master node
2 port 3/1 (primary interface)
S2
1 T 2
1 1 2 S4 2
S3
RHP packets follow this flow until the link is restored; then the RHP packet returns to it normal flow as shown in
Figure 10.7.
10 - 12 June 2005
Configuring Metro Features
Customer A Customer B
VLAN 30 VLAN 40
Switch B
======
ring 1
interfaces 1/1, 1/2
port 2/1 port 4/1
topology group 2
master VLAN 2 (1/1, 1/2)
member VLAN 30 (1/1, 1/2, 2/1) port 1/2 port 1/1
member VLAN 40 (1/1, 1/2, 4/1)
Switch B
Switch D
Switch D
port 1/2 port 1/1 ======
ring 1
interfaces 1/1, 1/2
port 2/1 port 4/1 topology group 2
master VLAN 2 (1/1, 1/2)
member VLAN 30 (1/1, 1/2, 2/1)
member VLAN 40 (1/1, 1/2, 4/1)
Customer A Customer B
VLAN 30 VLAN 40
Notice that each customer has their own VLAN. Customer A has VLAN 30 and Customer B has VLAN 40.
Customer A’s host attached to Switch D can reach the Customer A host attached to Switch B at Layer 2 through
the ring. Since Customer A and Customer B are on different VLANs, they will not receive each other’s traffic.
You can configure MRP separately on each customer VLAN. However, this is impractical if you have many
customers. To simplify configuration when you have a lot of customers (and therefore a lot of VLANs), you can
use a topology group.
A topology group enables you to control forwarding in multiple VLANs using a single instance of a Layer 2 protocol
such as MRP. A topology group contains a master VLAN and member VLANs. The master VLAN contains all the
configuration parameters for the Layer 2 protocol (STP, MRP, or VSRP). The member VLANs use the Layer 2
configuration of the master VLAN.
In Figure 10.10, VLAN 2 is the master VLAN and contains the MRP configuration parameters for ring 1. VLAN 30
and VLAN 40, the customer VLANs, are member VLANs in the topology group. Since a topology group is used, a
single instance of MRP provides redundancy and loop prevention for both the customer VLANs.
If you use a topology group:
• The master VLAN must contain the ring interfaces. The ports must be tagged, since they will be shared by
multiple VLANs.
• The member VLAN for a customer must contain the two ring interfaces and the interfaces for the customer.
Since these interfaces are shared with the master VLAN, they must be tagged. Do not add another
customer’s interfaces to the VLAN.
For more information about topology groups, see “Topology Groups” on page 10-1.
See “MRP CLI Example” on page 10-19 for the configuration commands required to implement the MRP
configuration shown in Figure 10.10.
June 2005 10 - 13
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Configuring MRP
To configure MRP, perform the following tasks. You need to perform the first task on only one of the nodes.
Perform the remaining tasks on all the nodes.
• Disable one of the ring interfaces. This prevents a Layer 2 loop from occurring while you are configuring the
devices for MRP.
• Add an MRP ring to a port-based VLAN. When you add a ring, the CLI changes to the configuration level for
the ring, where you can perform the following tasks.
• Optionally, specify a name for the ring.
• On the master node only, enable the device to be the master for the ring. Each ring can have only one
master node.
• Specify the MRP interfaces. Each device has two interfaces to an MRP ring.
• Optionally, change the hello time and the preforwarding time. These parameters control how quickly
failover occurs following a change in the state of a link in the ring.
• Enable the ring.
• Optionally, add the ring’s VLAN to a topology group to add more VLANs to the ring. If you use a topology
group, make sure you configure MRP on the group’s master VLAN. See “Topology Groups” on page 10-1.
• Re-enable the interface you disabled to prevent a Layer 2 loop. Once MRP is enabled, MRP will prevent the
Layer 2 loop.
Adding an MRP Ring to a VLAN
To add an MRP ring to a VLAN, enter commands such as the following.
NOTE: If you plan to use a topology group to add VLANs to the ring, make sure you configure MRP on the
topology group’s master VLAN.
ProCurveRS(config)# vlan 2
ProCurveRS(config-vlan-2)# metro-ring 1
ProCurveRS(config-vlan-2-mrp-1)# name CustomerA
ProCurveRS(config-vlan-2-mrp-1)# master
ProCurveRS(config-vlan-2-mrp-1)# ring-interface ethernet 1/1 ethernet 1/2
ProCurveRS(config-vlan-2-mrp-1)# enable
These commands configure an MRP ring on VLAN 2. The ring ID is 1, the ring name is CustomerA, and this node
(this HP device) is the master for the ring. The ring interfaces are 1/1 and 1/2. Interface 1/1 is the primary
interface and 1/2 is the secondary interface. The primary interface will initiate RHPs by default. The ring takes
effect in VLAN 2.
To configure MRP rings with shared interfaces, enter commands such as the following:
ProCurveRS(config)# vlan 2
ProCurveRS(config-vlan-2)# metro-ring 1
ProCurveRS(config-vlan-2-mrp-1)# name CustomerA
ProCurveRS(config-vlan-2-mrp-1)# ring-interface ethernet 1/1 ethernet 1/2
ProCurveRS(config-vlan-2-mrp-1)# enable
ProCurveRS(config-vlan-2-mrp-1)# metro-ring 2
ProCurveRS(config-vlan-2-mrp-2)# name CustomerB
ProCurveRS(config-vlan-2-mrp-2)# ring-interface ethernet 1/1 ethernet 1/2
ProCurveRS(config-vlan-2-mrp-1)# enable
Syntax: [no] metro-ring <ring-id>
The <ring-id> parameter specifies the ring ID and can be from 1 – 255. Configure the same ring ID on each of the
nodes in the ring.
Syntax: [no] name <string>
10 - 14 June 2005
Configuring Metro Features
The <string> parameter specifies a name for the ring. The name is optional, but it can be up to 20 characters long
and can include blank spaces. If you use a name that has blank spaces, enclose the name in double quotation
marks (for example: “Customer A”).
Syntax: [no] master
Configures this node as the master node for the ring. Enter this command only on one node in the ring. The node
is a member (non-master) node by default.
Syntax: [no] ring-interface ethernet <primary-if> ethernet <secondary-if>
The ethernet <primary-if> parameter specifies the primary interface. On the master node, the primary interface is
the one that originates RHPs. Ring control traffic and Layer 2 data traffic will flow in the outward direction from this
interface by default. On member nodes, the direction of traffic flow depends on the traffic direction selected by the
master node. Therefore, on a member node, the order in which you enter the interfaces does not matter.
The ethernet <secondary-if> parameter specifies the secondary interface.
NOTE: To take advantage of every interface in a Metro network, you can configure another MRP ring and either
configure a different Master node for the ring or reverse the configuration of the primary and secondary interfaces
on the Master node. Configuring multiple rings enables you to use all the ports in the ring. The same port can
forward traffic one ring while blocking traffic for another ring.
NOTE: The preforwarding time must be at least twice the value of the hello time and must be a multiple of the
hello time.
NOTE: You can use MRP ring diagnostics to determine whether you need to change the hello time and
preforwarding time. See “Using MRP Diagnostics”.
June 2005 10 - 15
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
ProCurveRS(config-vlan-2-mrp-1)# diagnostics
Syntax: [no] diagnostics
RHP average time The average round-trip time for an RHP packet on the ring. The
calculated time has a granularity of 1 microsecond.
Recommended hello time The hello time recommended by the software based on the RHP
average round-trip time.
Recommended Prefwing time The preforwarding time recommended by the software based on the
RHP average round-trip time.
Diag frame sent The number of diagnostic RHPs sent for the test.
Diag frame lost The number of diagnostic RHPs lost during the test.
If the recommended hello time and preforwarding time are different from the actual settings and you want to
change them, see “Configuring MRP” on page 10-14.
10 - 16 June 2005
Configuring Metro Features
Metro Ring 2
=============
Ring State Ring Master Topo Hello Prefwing
id role vlan group time(ms) time(ms)
2 enabled member 2 not conf 100 300
Ring interfaces Interface role Forwarding state Active interface Interface Type
ethernet 1/1 primary disabled none Regular
ethernet 1/2 secondary forwarding ethernet 2 Tunnel
State The state of MRP. The state can be one of the following:
• enabled – MRP is enabled
• disabled – MRP is disabled
Ring role Whether this node is the master for the ring. The role can be one of
the following:
• master
• member
Master vlan The ID of the master VLAN in the topology group used by this ring. If
a topology group is used by MRP, the master VLAN controls the MRP
settings for all VLANs in the topology group.
Note: The topology group ID is 0 if the MRP VLAN is not the master
VLAN in a topology group. Using a topology group for MRP
configuration is optional.
Hello time The interval, in milliseconds, at which the Forwarding port on the
ring’s master node sends Ring Hello Packets (RHPs).
June 2005 10 - 17
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Prefwing time The number of milliseconds an MRP interface that has entered the
Preforwarding state will wait before changing to the Forwarding state.
If a member port in the Preforwarding state does not receive an RHP
within the Preforwarding time (Prefwing time), the port assumes that a
topology change has occurred and changes to the Forwarding state.
The secondary port on the Master node changes to Blocking if it
receives an RHP, but changes to Forwarding if the port does not
receive an RHP before the preforwarding time expires.
Note: A member node’s Preforwarding interface also changes from
Preforwarding to Forwarding if it receives an RHP whose forwarding
bit is on.
Forwarding state Whether MRP Forwarding is enabled on the interface. The forwarding
state can be one of the following:
• blocking – The interface is blocking Layer 2 data traffic and RHPs
• disabled – The interface is down
• forwarding – The interface is forwarding Layer 2 data traffic and
RHPs
• preforwarding – The interface is listening for RHPs but is blocking
Layer 2 data traffic
Active interface The physical interfaces that are sending and receiving RHPs.
Note: If a port is disabled, its state is shown as “disabled”.
Note: If an interface is a trunk group, only the primary port of the
group is listed.
10 - 18 June 2005
Configuring Metro Features
TC RHPs rcvd The number of Topology Change RHPs received on the interface. A
Topology Change RHP indicates that the ring topology has changed.
State changes The number of MRP interface state changes that have occurred. The
state can be one of the states listed in the Forwarding state field.
NOTE: For simplicity, the figure shows the VLANs on only two Routing Switches. The CLI examples implement
the ring on all four Routing Switches.
June 2005 10 - 19
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
10 - 20 June 2005
Configuring Metro Features
Figure 10.11 VSRP mesh – redundant paths for Layer 2 and Layer 3 traffic
VSRP VSRP
Master optional link Backup
F F F B B B
Hello packets
In this example, two HP devices are configured as redundant paths for VRID 1. On each of the devices, a Virtual
Router ID (VRID) is configured on a port-based VLAN. Since VSRP is primarily a Layer 2 redundancy protocol,
the VRID applies to the entire VLAN. However, you can selectively remove individual ports from the VRID if
needed.
June 2005 10 - 21
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Following Master election (described below), one of the HP devices becomes the Master for the VRID and sets the
state of all the VLAN’s ports to Forwarding. The other device is a Backup and sets all the ports in its VRID VLAN
to Blocking.
If a failover occurs, the Backup becomes the new Master and changes all its VRID ports to the Forwarding state.
Other HP devices can use the redundant paths provided by the VSRP devices. In this example, three HP devices
use the redundant paths. An HP device that is not itself configured for VSRP but is connected to an HP device
that is configured for VSRP, is VSRP aware. In this example, the three HP devices connected to the VSRP
devices are VSRP aware. An HP device that is VSRP aware can failover its link to the new Master in sub-second
time, by changing the MAC address associated with the redundant path.
When you configure VSRP, make sure each of the non-VSRP HP devices connected to the VSRP devices has a
separate link to each of the VSRP devices.
NOTE: An HP device must be running software release 07.6.01b or later to be a VSRP device or a VSRP-aware
device.
NOTE: If you want to provide Layer 3 redundancy only, disable VSRP and use VRRPE.
10 - 22 June 2005
Configuring Metro Features
If you increase the timer scale value, each timer’s value is divided by the scale value. To achieve sub-second
failover times, you can change the scale to a value up to 10. This shortens all the VSRP timers to 10 percent of
their configured values.
VSRP Priority Calculation
Each VSRP device has a VSRP priority for each VRID and its VLAN. The VRID is used during Master election for
the VRID. By default, a device’s VSRP priority is the value configured on the device (which is 100 by default).
However, to ensure that a Backup with a high number of up ports for a given VRID is elected, the device reduces
the priority if a port in the VRID’s VLAN goes down. For example, if two Backups each have a configured priority
of 100, and have three ports in VRID 1 in VLAN 10, each Backup begins with an equal priority, 100. This is shown
in Figure 10.12
VSRP VSRP
Master optional link Backup
F F F B B B
However, if one of the VRID’s ports goes down on one of the Backups, that Backup’s priority is reduced. If the
Master’s priority is reduced enough to make the priority lower than a Backup’s priority, the VRID fails over to the
Backup. Figure 10.13 shows an example.
June 2005 10 - 23
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
VSRP VSRP
Backup optional link Master
B B B F F F
Link down X
You can reduce the sensitivity of a VSRP device to failover by increasing its configured VSRP priority. For
example, you can increase the configured priority of the VSRP device on the left in Figure 10.13 to 150. In this
case, failure of a single link does not cause failover. The link failure caused the priority to be reduced to 100,
which is still equal to the priority of the other device. This is shown in Figure 10.14.
VSRP VSRP
Master optional link Backup
F F F B B B
Link down X
Track Ports
Optionally, you can configure track ports to be included during VSRP priority calculation. In VSRP, a track port is
a port that is not a member of the VRID’s VLAN, but whose state is nonetheless considered when the priority is
calculated. Typically, a track port represents the exit side of traffic received on the VRID ports. By default, no track
ports are configured.
When you configure a track port, you assign a priority value to the port. If the port goes down, VSRP subtracts the
track port’s priority value from the configured VSRP priority. For example, if the you configure a track port with
priority 20 and the configured VSRP priority is 100, the software subtracts 20 from 100 if the track port goes down,
10 - 24 June 2005
Configuring Metro Features
resulting in a VSRP priority of 80. The new priority value is used when calculating the VSRP priority. Figure 10.15
shows an example.
VSRP VSRP
Master optional link Backup
F F F B B B
Track port
is up
In Figure 10.15, the track port is up. SInce the port is up, the track priority does not affect the VSRP priority
calculation. If the track port goes down, the track priority does affect VSRP priority calculation, as shown in Figure
10.16.
VSRP VSRP
X Backup optional link Master
B B B F F F
Track link
is down
June 2005 10 - 25
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
number in the record. Each subsequent time the device receives a Hello message for the same VRID and VLAN,
the device checks the port number.
• If the port number is the same as the port that previously received a Hello message, the VSRP-aware device
assumes that the message came from the same VSRP Master that sent the previous message.
• If the port number does not match, the VSRP-aware device assumes that a VSRP failover has occurred to a
new Master, and moves the MAC addresses learned on the previous port to the new port.
The VRID records age out if unused. This can occur if the VSRP-aware device becomes disconnected from the
Master. The VSRP-aware device will wait for a Hello message for the period of time equal to the following:
VRID Age = Dead Interval + Hold-down Interval + (3 x Hello Interval)
The values for these timers are determined by the VSRP device sending the Hello messages. If the Master uses
the default timer values, the age time for VRID records on the VSRP-aware devices is as follows:
3 + 2 + (3 x 1) = 8 seconds
In this case, if the VSRP-aware device does not receive a new Hello message for a VRID in a given VLAN, on any
port, the device assumes the connection to the Master is unavailable and removes the VRID record.
Timer Scale
The VSRP Hello interval, Dead interval, Backup Hello interval, and Hold-down interval timers are individually
configurable. You also can easily change all the timers at the same time while preserving the ratios among their
values. To do so, change the timer scale. The timer scale is a value used by the software to calculate the timers.
The software divides a timer’s value by the timer scale value. By default, the scale is 1. This means the VSRP
timer values are the same as the values in the configuration.
VSRP Parameters
Table 10.4 lists the VSRP parameters.
10 - 26 June 2005
Configuring Metro Features
Virtual Router The ID of the virtual switch you are creating by None 10-29
ID (VRID) configuring multiple devices as redundant links. You
must configure the same VRID on each device that
you want to use to back up the links.
Timer scale The value used by the software to calculate all VSRP 1 10-30
timers. Increasing the timer scale value decreases
the length of all the VSRP timers equally, without
changing the ratio of one timer to another.
Interface Parameters
Authentication The type of authentication the VSRP devices use to No authentication 10-31
type validate VSRP packets. On Routing Switches, the
authentication type must match the authentication
type the VRID’s port uses with other routing protocols
such as OSPF.
• No authentication – The interfaces do not use
authentication. This is the VRRP default.
• Simple – The interface uses a simple text-string
as a password in packets sent on the interface. If
the interface uses simple password
authentication, the VRID configured on the
interface must use the same authentication type
and the same password.
Note: MD5 is not supported.
VSRP-Aware The type of authentication the VSRP-aware devices Not configured 10-32
Authentication will use on a VSRP backup switch.
type
• No authentication – The device does not accept
incoming packets that have authentication
strings.
• Simple – The device uses a simple text-string as
the authentication string for accepting incoming
packets.
VRID Parameters
VSRP device Whether the device is a VSRP Backup for the VRID. Not configured 10-29
type
All VSRP devices for a given VRID are Backups.
VSRP ports The ports in the VRID’s VLAN that you want to use as All ports in the VRID’s 10-32
VRID interfaces. You can selectively exclude VLAN
individual ports from VSRP while allowing them to
remain in the VLAN.
June 2005 10 - 27
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
VRID IP A gateway address you are backing up. Configuring None 10-33
address an IP address provides VRRPE Layer 3 redundancy
in addition to VSRP LAyer 2 redundancy.
The VRID IP address must be in the same subnet as
a real IP address configured on the VSRP interface,
but cannot be the same as a real IP address
configured on the interface.
Backup priority A numeric value that determines a Backup’s 100 for all Backups 10-33
preferability for becoming the Master for the VRID.
During negotiation, the device with the highest priority
becomes the Master.
In VSRP, all devices are Backups and have the same
priority by default.
If two or more Backups are tied with the highest
priority, the Backup with the highest IP address
becomes the Master for the VRID.
Preference of When you save a Backup’s configuration, the Configured timer 10-33
timer source software can save the configured VSRP timer values values are saved
or the VSRP timer values received from the Master.
Saving the current timer values instead of the
configured ones helps ensure consistent timer usage
for all the VRID’s devices.
Note: The Backup always gets its timer scale value
from the Master.
Hello interval The amount of time between Hello messages from One second 10-34
the Master to the Backups for a given VRID.
The interval can be from 1 – 84 seconds.
Dead interval The amount of time a Backup waits for a Hello Three times the Hello 10-34
message from the Master for the VRID before Interval
determining that the Master is no longer active.
If the Master does not send a Hello message before
the dead interval expires, the Backups negotiate
(compare priorities) to select a new Master for the
VRID.
10 - 28 June 2005
Configuring Metro Features
Backup Hello The amount of time between Hello messages from a Disabled 10-35
state and Backup to the Master.
60 seconds when
interval
The message interval can be from 60 – 3600 enabled
seconds.
You must enable the Backup to send the messages.
The messages are disabled by default on Backups.
The current Master sends Hello messages by default.
Hold-down The amount of time a Backup that has sent a Hello 2 seconds 10-35
interval packet announcing its intent to become Master waits
before beginning to forward traffic for the VRID. The
hold-down interval prevents Layer 2 loops from
occurring during VSRP’s rapid failover.
The interval can from 1 – 84 seconds.
Track priority A VSRP priority value assigned to the tracked port(s). 5 10-35
If a tracked port’s link goes down, the VRID port’s
VSRP priority is reduced by the amount of the tracked
port’s priority.
Track port A track port is a port or virtual routing interface that is None 10-36
outside the VRID but whose link state is tracked by
the VRID. Typically, the tracked interface represents
the other side of VRID traffic flow through the device.
If the link for a tracked interface goes down, the VSRP
priority of the VRID interface is changed, causing the
devices to renegotiate for Master.
Backup preempt Prevents a Backup with a higher VSRP priority from Enabled 10-36
mode taking control of the VRID from another Backup that
has a lower priority but has already assumed control
of the VRID.
VRID active The active state of the VSRP VRID. Disabled 10-29
state
RIP Parameters
June 2005 10 - 29
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• Configure a port-based VLAN containing the ports for which you want to provide VSRP service.
NOTE: If you already have a port-based VLAN but only want to use VSRP on a sub-set of the VLANs ports,
you can selectively remove ports from VSRP service in the VLAN. See “Removing a Port from the VRID’s
VLAN” on page 10-32.
• Configure a VRID.
• Specify that the device is a backup. Since VSRP, like VRRPE, does not have an “owner”, all VSRP
devices are backups. The active device for a VRID is elected based on the VRID priority, which is
configurable.
• Activate the VRID.
The following example shows a simple VSRP configuration.
ProCurveRS(config)# vlan 200
ProCurveRS(config-vlan-200)# tag ethernet 1/1 to 1/8
ProCurveRS(config-vlan-200)# vsrp vrid 1
ProCurveRS(config-vlan-200-vrid-1)# backup
ProCurveRS(config-vlan-200-vrid-1)# activate
Syntax: [no] vsrp vrid <num>
The <num> parameter specifies the VRID and can be from 1 – 255.
Syntax: [no] backup [priority <value>] [track-priority <value>]
This command is required. In VSRP, all devices on which a VRID are configured are Backups. The Master is then
elected based on the VSRP priority of each device. There is no “owner” device as there is in VRRP.
For information about the command’s optional parameters, see the following:
• “Changing the Backup Priority” on page 10-33
• “Changing the Default Track Priority” on page 10-35
Syntax: [no] activate
or
Syntax: enable | disable
10 - 30 June 2005
Configuring Metro Features
timer values enables you to easily change all the timers while preserving the ratios among their values. Here is an
example.
2 0.5 seconds
2 1.5 seconds
2 30 seconds
2 1 second
If you configure the device to receive its timer values from the Master, the Backup also receives the timer scale
value from the Master.
NOTE: The Backups always use the value of the timer scale received from the Master, regardless of whether the
timer values that are saved in the configuration are the values configured on the Backup or the values received
from the Master.
To change the timer scale, enter a command such as the following at the global CONFIG level of the CLI:
ProCurveRS(config)# scale-timer 2
This command changes the scale to 2. All VSRP timer values will be divided by 2.
Syntax: [no] scale-timer <num>
The <num> parameter specifies the multiplier. You can specify a timer scale from 1 – 10.
Configuring Authentication
If the interfaces on which you configure the VRID use authentication, the VSRP packets on those interfaces also
must use the same authentication. VSRP supports the following authentication types:
• No authentication – The interfaces do not use authentication. This is the default.
• Simple – The interfaces use a simple text-string as a password in packets sent on the interface. If the
interfaces use simple password authentication, the VRID configured on the interfaces must use the same
authentication type and the same password.
To configure a simple password, enter a command such as the following at the interface configuration level:
ProCurveRS(config-if-1/6)# ip vsrp auth-type simple-text-auth ourpword
This command configures the simple text password “ourpword”.
Syntax: [no] ip vsrp auth-type no-auth | simple-text-auth <auth-data>
The auth-type no-auth parameter indicates that the VRID and the interface it is configured on do not use
authentication.
The auth-type simple-text-auth <auth-data> parameter indicates that the VRID and the interface it is configured
on use a simple text password for authentication. The <auth-data> value is the password. If you use this
parameter, make sure all interfaces on all the devices supporting this VRID are configured for simple password
authentication and use the same password.
June 2005 10 - 31
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
10 - 32 June 2005
Configuring Metro Features
NOTE: The VRID IP address must be in the same subnet as a real IP address configured on the VSRP interface,
but cannot be the same as a real IP address configured on the interface.
To specify an IP address to back up, enter a command such as the following at the configuration level for the
VRID:
ProCurveRS(config-vlan-200-vrid-1)# ip-address 10.10.10.1
Syntax: [no] ip-address <ip-addr>
or
Syntax: [no] ip address <ip-addr>
Changing the Backup Priority
When you enter the backup command to configure the device as a VSRP Backup for the VRID, you also can
change the backup priority and the track priority.
• The backup priority is used for election of the Master. The VSRP Backup with the highest priority value for the
VRID is elected as the Master for that VRID. The default priority is 100. If two or more Backups are tied with
the highest priority, the Backup with the highest IP address becomes the Master for the VRID.
• The track priority is used with the track port feature. See “VSRP Priority Calculation” on page 10-23 and
“Changing the Default Track Priority” on page 10-35.
To change the backup priority, enter a command such as the following at the configuration level for the VRID:
ProCurveRS(config-vlan-200-vrid-1)# backup priority 75
Syntax: [no] backup [priority <value>] [track-priority <value>]
The priority <value> parameter specifies the VRRP priority for this interface and VRID. You can specify a value
from 3 – 254. The default is 100.
For a description of the track-priority <value> parameter, see “Changing the Default Track Priority” on page 10-
35.
Saving the Timer Values Received from the Master
The Hello messages sent by a VRID’s master contain the VRID values for the following VSRP timers:
• Hello interval
• Dead interval
• Backup Hello interval
June 2005 10 - 33
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• Hold-down interval
By default, each Backup saves the configured timer values to its startup-config file when you save the device’s
configuration.
You can configure a Backup to instead save the current timer values received from the Master when you save the
configuration. Saving the current timer values instead of the configured ones helps ensure consistent timer usage
for all the VRID’s devices.
NOTE: The Backups always use the value of the timer scale received from the Master, regardless of whether the
timer values that are saved in the configuration are the values configured on the Backup or the values received
from the Master.
To configure a Backup to save the VSRP timer values received from the Master instead of the timer values
configured on the Backup, enter the following command:
ProCurveRS(config-vlan-200-vrid-1)# save-current-values
Syntax: [no] save-current-values
Changing the Time-To-Live (TTL)
A VSRP Hello packet’s TTL specifies how many hops the packet can traverse before being dropped. You can
specify from 1 – 255. The default TTL is 2. When a VSRP device (Master or Backup) sends a VSRP HEllo
packet, the device subtracts one from the TTL. Thus, if the TTL is 2, the device that originates the Hello packet
sends it out with a TTL of 1. Each subsequent device that receives the packet also subtracts one from the
packet’s TTL. When the packet has a TTL of 1, the receiving device subtracts 1 and then drops the packet
because the TTL is zero.
NOTE: An MRP ring is considered to be a single hop, regardless of the number of nodes in the ring.
To change the TTL for a VRID, enter a command such as the following at the configuration level for the VRID:
ProCurveRS(config-vlan-200-vrid-1)# initial-ttl 5
Syntax: [no] initial-ttl <num>
The <num> parameter specifies the TTL and can be from 1 – 255. The default TTL is 2.
Changing the Hello Interval
The Master periodically sends Hello messages to the Backups. To change the Hello interval, enter a command
such as the following at the configuration level for the VRID:
ProCurveRS(config-vlan-200-vrid-1)# hello-interval 10
Syntax: [no] hello-interval <num>
The <num> parameter specifies the interval and can be from 1 – 84 seconds. The default is 1 second.
NOTE: The default Dead interval is three times the Hello interval plus one-half second. Generally, if you change
the Hello interval, you also should change the Dead interval on the Backups.
NOTE: If you change the timer scale, the change affects the actual number of seconds.
10 - 34 June 2005
Configuring Metro Features
The <num> parameter specifies the interval and can be from 1 – 84 seconds. The default is 3 seconds.
NOTE: If you change the timer scale, the change affects the actual number of seconds.
NOTE: If you change the timer scale, the change affects the actual number of seconds.
NOTE: If you change the timer scale, the change affects the actual number of seconds.
June 2005 10 - 35
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: The priority <num> option changes the priority of the specified interface, overriding the default track port
priority. To change the default track port priority, use the backup track-priority <num> command.
NOTE: This parameter applies only if you specified an IP address to back up and is valid only on Routing
Switches.
10 - 36 June 2005
Configuring Metro Features
Total number of VSRP routers The total number of VRIDs configured on this device.
defined
auth-type The authentication type in effect on the ports in the VSRP VLAN.
VRID parameters
June 2005 10 - 37
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
state This device’s VSRP state for the VRID. The state can be one of the
following:
• initialize – The VRID is not enabled (activated). If the state
remains “initialize” after you activate the VRID, make sure that the
VRID is also configured on the other Routing Switches and that
the Routing Switches can communicate with each other.
Administrative-status The administrative status of the VRID. The administrative status can
be one of the following:
• disabled – The VRID is configured on the interface but VSRP or
VRRPE has not been activated on the interface.
• enabled – VSRP has been activated on the interface.
Advertise-backup Whether the device is enabled to send VSRP Hello messages when it
is a Backup. This field can have one of the following values:
• disabled – The device does not send Hello messages when it is
a Backup.
• enabled – The device does send Hello messages when it is a
Backup.
save-current The source of VSRP timer values preferred when you save the
configuration. This field can have one of the following values:
• false – The timer values configured on this device are saved.
• true – The timer values most recently received from the Master
are saved instead of the locally configured values.
10 - 38 June 2005
Configuring Metro Features
priority The device’s preferability for becoming the Master for the VRID.
During negotiation, the Backup with the highest priority becomes the
Master.
If two or more Backups are tied with the highest priority, the Backup
interface with the highest IP address becomes the Master for the
VRID.
hello-interval The number of seconds between Hello messages from the Master to
the Backups for a given VRID.
dead-interval The configured value for the dead interval. The dead interval is the
number of seconds a Backup waits for a Hello message from the
Master for the VRID before determining that the Master is no longer
active.
If the Master does not send a Hello message before the dead interval
expires, the Backups negotiate (compare priorities) to select a new
Master for the VRID.
Note: If the value is 0, then you have not configured this parameter.
hold-interval The number of seconds a Backup that intends to become the Master
will wait before actually beginning to forward Layer 2 traffic for the
VRID.
If the Backup receives a Hello message with a higher priority than its
own before the hold-down interval expires, the Backup remains in the
Backup state and does not become the new Master.
initial-ttl The number of hops a Hello message can traverse after leaving the
device before the Hello message is dropped.
Note: An MRP ring counts as one hop, regardless of the number of
nodes in the ring.
next hello sent in The amount of time until the Master’s dead interval expires. If the
Backup does not receive a Hello message from the Master by the time
the interval expires, either the IP address listed for the Master will
change to the IP address of the new Master, or this Routing Switch
itself will become the Master.
Note: This field applies only when this device is a Backup.
Forwarding ports The member ports that are currently in the Forwarding state. Ports
that are forwarding on the Master are listed. Ports on the Standby,
which are in the Blocking state, are not listed.
June 2005 10 - 39
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
To display the active VRID interfaces, enter the following command on the VSRP-aware device:
ProCurveRS(config-vlan-200-vrid-1)# show vsrp aware
VLAN ID The VLAN that contains the VSRP-aware device’s connection with the
VSRP Master and Backups.
Last Port The most recent active port connection to the VRID. This is the port
connected to the current Master. If a failover occurs, the VSRP-aware
device changes the port to the port connected to the new Master. The
VSRP-aware device uses this port to send and receive data through
the backed up node.
10 - 40 June 2005
Configuring Metro Features
• If virtual switches have not been configured, you see the VSRP configuration panel:
5. Enter the ID of the VLAN to which the VRID will be assigned in the VlanId field.
NOTE: The VLAN you enter must be configured and must be active. STP must also be disabled on the
VLAN.
June 2005 10 - 41
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
12. Enter a value for Priority. If two or more Backups are tied with the highest priority, the Backup with the highest
IP address becomes the Master for the VRID. The default Backup Priority is 100.
13. Enter a value for Backup Hello Interval. This interval is the number of seconds between Hello messages from
the Master to the Backups for a given VRID. The interval can from 60 –3600 seconds, with 60 seconds as the
default.
You must enable the Backup to send messages (advertise backup).
14. In the Dead Interval field. enter he amount of time a Backup waits for a Hello message from the Master for the
VRID before determining that the Master is no longer active.
If the Master does not send a Hello message before the dead interval expires, the Backups negotiate
(compare priorities) to select a new Master for the VRID.
15. Select Enable for Advertise Backup if you want to advertise routes to a backed up VRID even when the
Routing Switch is not the current active Routing Switches for the VRID. Disabling the advertisements helps
ensure that other Routing Switches do not receive invalid route paths for the VRID. The default is Disabled.
16. Select Enable for the Preempt field to prevent a Backup with a higher VSRP priority from taking control of the
VRID from another Backup that has a lower priority but has already assumed control of the VRID. Select
Disable if you do not want to disable this feature. The default is enabled.
17. Enter a value for the Hold Down Interval field. This is the amount of time a Backup that has sent a Hello
packet announcing its intent to become Master waits before beginning to forward traffic for the VRID. The
hold-down interval prevents Layer 2 loops from occurring during VSRP’s rapid failover.
The interval can from 1 – 84 seconds. The default is 2 seconds.
18. Indicate the maximum time-to-live value, which is the number of hops a VSRP Hello packet can traverse
before being dropped. You can specify from 1 – 255. The default is 2.
19. Click Enable for Router Save if you want the Backup to save the VSRP timer values received from the Master
instead of the timer values configured on the Backup (above). VSRP timer values that will be saved are:
• Hello interval
• Dead interval
• Backup Hello interval
• Hold-down interval
20. Enter the Track Priority value or leave it blank to use the default. If a tracked port’s link goes down, the VRID
port’s VSRP priority is reduced by the amount of the tracked port’s priority. The default priority is 5.
21. In the Track Ports section, place a check mark in the box for a port whose link state is tracked by the VRID.
Typically, the tracked interface represents the other side of VRID traffic flow through the device.
If the link for a tracked interface goes down, the VSRP priority of the VRID interface is changed, causing the
devices to renegotiate for Master.
22. Click the Add button to add the VSRP switch.
23. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
Modifying Authentication Parameters
You can modify the password that was configured for a VSRP interface on a separate panel of the Web
management interface.
1. Log on to the device using a valid user name and password for read-write access. The General System
configuration panel is displayed.
2. Click on the plus sign next to Monitor in the tree view to expand the list of configuration options.
3. Click on the plus sign next to VSRP in the tree view to expand the list of configuration options.
10 - 42 June 2005
Configuring Metro Features
4. Click on the Interface link to display the VSRP Interface table, which lists all the VSRP interfaces on the
device that have been configured.
5. Click the Modify button for the interface that you want to configure to display the VSRP Interface configuration
panel.
6. Select the Authentication Type, either None, Simple Text Password or Ip Auth header.
7. Enter a password if the authentication is Simple Text Password. Leave this field blank if other password types
are used.
8. Click the Apply button to the update the information for the VSRP.
9. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
June 2005 10 - 43
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
4. Click on the Virtual Switch link to display the VSRP Virtual Switch Statistics Display panel.
Receive Pkts Drop Number of packets addressed to the VRID that were dropped.
Packets are divided into the following categories:
• ARP packets
• IP packets
Receive Mismatch Number of packets that did not match the configured values of the
following:
• Port – receiving interface
• IP – IP addresses
• Hello – Hello interval
Receive Priority Zero from Master Number of times the current Master has resigned
Receive Higher Priority The number of VRRPE packets received by the interface that had a
higher backup priority for the VRID than this device’s backup priority
for the VRID.
Transition Count The number of times this device has changed the state of its VRID:
• Master – transition from Backup to Master
• Backup – transition Master to Backup
To clear the statistics for VSRP, click the Clear button on the display panel.
10 - 44 June 2005
Configuring Metro Features
June 2005 10 - 45
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
10 - 46 June 2005
Chapter 11
Configuring Virtual LANs (VLANs)
This chapter describes how to configure Virtual LANs (VLANs) on ProCurve Routing Switches.
The “Overview” section provides basic information about HP’s VLAN options. Following this section, other
sections provide configuration procedures and examples.
To display configuration information for VLANs, see “Displaying VLAN Information” on page 11-63.
For complete syntax information for the CLI commands shown in this chapter, see the Command Line Interface
Reference for ProCurve 9300/9400 Series Routing Switches.
Most of the configuration examples in this chapter are based on CLI commands. For Web management
procedures, see “Configuring VLANs Using the Web Management Interface” on page 11-57.
NOTE: For information about the GARP VLAN Registration Protocol (GVRP), see “Configuring GARP VLAN
Registration Protocol (GVRP)” on page 13-1.
Overview
This section describes the HP VLAN features. Configuration procedures and examples appear in later sections of
this chapter.
Types of VLANs
You can configure the following types of VLANs on HP devices.
• Layer 2 port-based VLAN – a set of physical ports that share a common, exclusive Layer 2 broadcast domain
• Layer 3 protocol VLANs – a subset of ports within a port-based VLAN that share a common, exclusive
broadcast domain for Layer 3 broadcasts of the specified protocol type
• IP subnet VLANs – a subset of ports in a port-based VLAN that share a common, exclusive subnet broadcast
domain for a specified IP subnet
• IPX network VLANs – a subset of ports in a port-based VLAN that share a common, exclusive network
broadcast domain for a specified IPX network
• AppleTalk cable VLANs – a subset of ports in a port-based VLAN that share a common, exclusive network
broadcast domain for a specified AppleTalk cable range
When an HP device receives a packet on a port that is a member of a VLAN, the device forwards the packet
based on the following VLAN hierarchy:
June 2005 11 - 1
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• If the port belongs to an IP subnet VLAN, IPX network VLAN, or AppleTalk cable VLAN and the packet
belongs to the corresponding IP subnet, IPX network, or AppleTalk cable range, the device forwards the
packet to all the ports within that VLAN.
• If the packet is a Layer 3 packet but cannot be forwarded as described above, but the port is a member of a
Layer 3 protocol VLAN for the packet’s protocol, the device forwards the packet on all the Layer 3 protocol
VLAN’s ports.
• If the packet cannot be forwarded based on either of the VLAN membership types listed above, but the
packet can be forwarded at Layer 2, the device forwards the packet on all the ports within the receiving port’s
port-based VLAN.
Protocol VLANs differ from IP subnet, IPX network, and AppleTalk VLANs in an important way. Protocol VLANs
accept any broadcast of the specified protocol type. An IP subnet, IPx network, or AppleTalk VLAN accepts only
broadcasts for the specified IP subnet, IPX network, or AppleTalk cable range.
NOTE: Protocol VLANs are different from IP subnet, IPX network, and AppleTalk cable VLANs. A port-based
VLAN cannot contain both an IP subnet, IPX network, or AppleTalk cable VLAN and a protocol VLAN for the same
protocol. For example, a port-based VLAN cannot contain both an IP protocol VLAN and an IP subnet VLAN.
Default VLAN
A port can belong to only one port-based VLAN, unless you apply 802.1q tagging to the port. 802.1q tagging
allows the port to add a four-byte tag field, which contains the VLAN ID, to each packet sent on the port. You also
can configure port-based VLANs that span multiple devices by tagging the ports within the VLAN. The tag
enables each device that receives the packet to determine the VLAN the packet belongs to. 802.1q tagging
applies only to Layer 2 VLANs, not to Layer 3 VLANs.
Since each port-based VLAN is a separate Layer 2 broadcast domain, by default each VLAN runs a separate
instance of the Spanning Tree Protocol (STP).
11 - 2 June 2005
Configuring Virtual LANs (VLANs)
Layer 2 traffic is bridged within a port-based VLAN and Layer 2 broadcasts are sent to all the ports within the
VLAN.
Layer 3 Protocol-Based VLANs
If you want some or all of the ports within a port-based VLAN to be organized according to Layer 3 protocol, you
must configure a Layer 3 protocol-based VLAN within the port-based VLAN.
You can configure each of the following types of protocol-based VLAN within a port-based VLAN. All the ports in
the Layer 3 VLAN must be in the same Layer 2 VLAN.
• AppleTalk – The device sends AppleTalk broadcasts to all ports within the AppleTalk protocol VLAN.
• IP – The device sends IP broadcasts to all ports within the IP protocol VLAN.
• IPX – The device sends IPX broadcasts to all ports within the IPX protocol VLAN.
• DECnet – The device sends DECnet broadcasts to all ports within the DECnet protocol VLAN.
• NetBIOS – The device sends NetBIOS broadcasts to all ports within the NetBIOS protocol VLAN.
• Other – The device sends broadcasts for all protocol types other than those listed above to all ports within the
VLAN.
Figure 11.2 shows an example of Layer 3 protocol VLANs configured within a Layer 2 port-based VLAN.
Default VLAN
June 2005 11 - 3
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
routing interface on each VLAN, then configure IP routing parameters for the subnets. Thus, the Routing Switch
forwards IP subnet broadcasts within each VLAN at Layer 2 but routes Layer 3 traffic between the VLANs using
the virtual routing interfaces.
NOTE: The Routing Switch uses the lowest MAC address on the device (the MAC address of port 1/1) as the
MAC address for all ports within all virtual routing interfaces you configure on the device.
The routing parameters and the syntax for configuring them are the same as when you configure a physical
interface for routing. The logical interface allows the Routing Switch to internally route traffic between the
protocol-based VLANs without using physical interfaces.
All the ports within a protocol-based VLAN must be in the same port-based VLAN. The protocol-based VLAN
cannot have ports in multiple port-based VLANs, unless the ports in the port-based VLAN to which you add the
protocol-based VLAN are 802.1q tagged.
You can configure multiple protocol-based VLANs within the same port-based VLAN. In addition, a port within a
port-based VLAN can belong to multiple protocol-based VLANs of the same type or different types. For example,
if you have a port-based VLAN that contains ports 1/1 – 1/10, you can configure port 1/5 as a member of an
AppleTalk protocol VLAN, an IP protocol VLAN, and an IPX protocol VLAN, and so on.
IP Subnet, IPX Network, and AppleTalk Cable VLANs
The protocol-based VLANs described in the previous section provide separate protocol broadcast domains for
specific protocols. For IP, IPX, and AppleTalk, you can provide more granular broadcast control by instead
creating the following types of VLAN:
• IP subnet VLAN – An IP subnet broadcast domain for a specific IP subnet.
• IPX network VLAN – An IPX network broadcast domain for a specific IPX network.
• AppleTalk cable VLAN – An AppleTalk broadcast domain for a specific cable range.
The Routing Switch sends broadcasts for the IP subnet, IPX network, or AppleTalk cable range to all ports within
the IP subnet, IPX network, or AppleTalk cable VLAN at Layer 2.
The Routing Switch routes packets between VLANs at Layer 3. To configure an IP subnet, IPX network, or
AppleTalk cable VLAN to route, you must add a virtual routing interface to the VLAN, then configure the
appropriate routing parameters on the virtual routing interface.
NOTE: The Routing Switch routes packets between VLANs of the same protocol. The Routing Switch cannot
route from one protocol to another.
NOTE: IP subnet VLANs are not the same thing as IP protocol VLANs. An IP protocol VLAN sends all IP
broadcasts on the ports within the IP protocol VLAN. An IP subnet VLAN sends only the IP subnet broadcasts for
the subnet of the VLAN. You cannot configure an IP protocol VLAN and an IP subnet VLAN within the same port-
based VLAN.
This note also applies to IPX protocol VLANs and IPX network VLANs, and to AppleTalk protocol VLANs and
AppleTalk cable VLANs.
Default VLAN
By default, all the ports on an HP device are in a single port-based VLAN. This VLAN is called DEFAULT-VLAN
and is VLAN number 1. HP devices do not contain any protocol VLANs or IP subnet, IPX network, or AppleTalk
cable VLANs by default.
11 - 4 June 2005
Configuring Virtual LANs (VLANs)
Default VLAN
When you configure a port-based VLAN, one of the configuration items you provide is the ports that are in the
VLAN. When you configure the VLAN, the HP device automatically removes the ports that you place in the VLAN
from DEFAULT-VLAN. By removing the ports from the default VLAN, the HP device ensures that each port
resides in only one Layer 2 broadcast domain.
NOTE: Information for the default VLAN is available only after you define another VLAN.
Some network configurations may require that a port be able to reside in two or more Layer 2 broadcast domains
(port-based VLANs). In this case, you can enable a port to reside in multiple port-based VLANs by tagging the
port. See the following section.
If your network requires that you use VLAN ID 1 for a user-configured VLAN, you can reassign the default VLAN
to another valid VLAN ID. See “Assigning a Different VLAN ID to the Default VLAN” on page 11-13.
802.1q Tagging
802.1q tagging is an IEEE standard that allows a networking device to add information to a Layer 2 packet in order
to identify the VLAN membership of the packet. HP devices tag a packet by adding a four-byte tag to the packet.
The tag contains the tag value, which identifies the data as a tag, and also contains the VLAN ID of the VLAN from
which the packet is sent.
• The default tag value is 8100 (hexadecimal). This value comes from the 802.1q specification. You can
change this tag value on a global basis on HP devices if needed to be compatible with other vendors’
equipment.
• The VLAN ID is determined by the VLAN on which the packet is being forwarded.
Figure 11.4 shows the format of packets with and without the 802.1q tag. The tag format is vendor-specific. To
use the tag for VLANs configured across multiple devices, make sure all the devices support the same tag format.
June 2005 11 - 5
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: You cannot configure a port to be a member of the default port-based VLAN and another port-based
VLAN at the same time. Once you add a port to a port-based VLAN, the port is no longer a member of the default
VLAN. The port returns to the default VLAN only if you delete the other VLAN(s) that contains the port.
If you configure a VLAN that spans multiple devices, you need to use tagging only if a port connecting one of the
devices to the other is a member of more than one port-based VLAN. If a port connecting one device to the other
is a member of only a single port-based VLAN, tagging is not required.
If you use tagging on multiple devices, each device must be configured for tagging and must use the same tag
value. In addition, the implementation of tagging must be compatible on the devices. The tagging on all HP
devices is compatible with other HP devices.
11 - 6 June 2005
Configuring Virtual LANs (VLANs)
Figure 11.5 shows an example of two devices that have the same Layer 2 port-based VLANs configured across
them. Notice that only one of the VLANs requires tagging.
Se
Se
g
me
gm
n
en
t2
t1
NOTE: If you configure a port-based VLAN on the device, the VLAN has the same STP state as the default
STP state on the device. On Routing Switches, new VLANs have STP disabled by default. You can enable
or disable STP in each VLAN separately. In addition, you can enable or disable STP on individual ports.
• Port-based VLAN – Affects all ports within the specified port-based VLAN.
STP is a Layer 2 protocol. Thus, you cannot enable or disable STP for individual protocol VLANs or for IP subnet,
IPX network, or AppleTalk cable VLANs. The STP state of a port-based VLAN containing these other types of
VLANs determines the STP state for all the Layer 2 broadcasts within the port-based VLAN. This is true even
though Layer 3 protocol broadcasts are sent on Layer 2 within the VLAN.
It is possible that STP will block one or more ports in a protocol VLAN that uses a virtual routing interface to route
to other VLANs. For IP protocol and IP subnet VLANs, even though some of the physical ports of the virtual
routing interface are blocked, the virtual routing interface can still route so long as at least one port in the virtual
routing interface’s protocol VLAN is not blocked by STP.
June 2005 11 - 7
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
If you enable Single STP (SSTP) on the device, the ports in all VLANs on which STP is enabled become members
of a single spanning tree. The ports in VLANs on which STP is disabled are excluded from the single spanning
tree.
For more information, see “Configuring Spanning Tree Protocol (STP) and Advanced STP Features” on page 8-1.
Figure 11.6 Use virtual routing interfaces for routing between Layer 3 protocol VLANs
VE 1 VE 3
VE 2 VE 4
11 - 8 June 2005
Configuring Virtual LANs (VLANs)
• Dynamic ports
• Static ports
You also can explicitly exclude ports.
Dynamic Ports
Dynamic ports are added to a VLAN when you create the VLAN. However, if a dynamically added port does not
receive any traffic for the VLAN’s protocol within ten minutes, the port is removed from the VLAN. However, the
port remains a candidate for port membership. Thus, if the port receives traffic for the VLAN’s protocol, the device
adds the port back to the VLAN.
After the port is added back to the VLAN, the port can remain an active member of the VLAN up to 20 minutes
without receiving traffic for the VLAN’s protocol. If the port ages out, it remains a candidate for VLAN membership
and is added back to the VLAN when the VLAN receives protocol traffic. At this point, the port can remain in the
VLAN up to 20 minutes without receiving traffic for the VLAN’s protocol, and so on.
Unless you explicitly add a port statically or exclude a port, the port is a dynamic port and thus can be an active
member of the VLAN, depending on the traffic it receives.
NOTE: You cannot configure dynamic ports in an AppleTalk cable VLAN. The ports in an AppleTalk cable VLAN
must be static. However, ports in an AppleTalk protocol VLAN can be dynamic or static.
Figure 11.7 shows an example of a VLAN with dynamic ports. Dynamic ports not only join and leave the VLAN
according to traffic, but also allow some broadcast packets of the specific protocol to “leak” through the VLAN.
See “Broadcast Leaks” on page 11-10.
Figure 11.7 VLAN with dynamic ports—all ports are active when you create the VLAN
June 2005 11 - 9
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Ports in a new protocol VLAN that do not receive traffic for the VLAN’s protocol age out after 10 minutes and
become candidate ports. Figure 11.8 shows what happens if a candidate port receives traffic for the VLAN’s
protocol.
Figure 11.8 VLAN with dynamic ports—candidate ports become active again if they receive protocol traffic
Static Ports
Static ports are permanent members of the protocol VLAN. The ports remain active members of the VLAN
regardless of whether the ports receive traffic for the VLAN’s protocol. You must explicitly identify the port as a
static port when you add it to the VLAN. Otherwise, the port is dynamic and is subject to aging out.
Excluded Ports
If you want to prevent a port in a port-based VLAN from ever becoming a member of a protocol, IP subnet, IPX
network, or AppleTalk cable VLAN configured in the port-based VLAN, you can explicitly exclude the port. You
exclude the port when you configure the protocol, IP subnet, IPX network, or AppleTalk cable VLAN.
Excluded ports do not leak broadcast packets. See “Broadcast Leaks” on page 11-10.
Broadcast Leaks
A dynamic port becomes a member of a Layer 3 protocol VLAN when traffic from the VLAN's protocol is received
on the port. After this point, the port remains an active member of the protocol VLAN, unless the port does not
receive traffic from the VLAN's protocol for 20 minutes. If the port does not receive traffic for the VLAN's protocol
for 20 minutes, the port ages out and is no longer an active member of the VLAN.
To enable a host that has been silent for awhile to send and receive packets, the dynamic ports that are currently
members of the Layer 3 protocol VLAN "leak" Layer 3 broadcast packets to the ports that have aged out. When a
host connected to one of the aged out ports responds to a leaked broadcast, the port is added to the protocol
VLAN again.
To "leak" Layer 3 broadcast traffic, an active port sends 1/8th of the Layer 3 broadcast traffic to the inactive (aged
out) ports.
Static ports do not age out and do not leak broadcast packets.
11 - 10 June 2005
Configuring Virtual LANs (VLANs)
provide a private, dedicated Ethernet connection for an individual client to transparently reach its subnet across
multiple networks.
For an application example and configuration information, see “Configuring Super Aggregated VLANs” on
page 11-42.
NOTE: You cannot have a protocol-based VLAN and a subnet or network VLAN of the same protocol type in the
same port-based VLAN. For example, you can have an IPX protocol VLAN and IP subnet VLAN in the same port-
based VLAN, but you cannot have an IP protocol VLAN and an IP subnet VLAN in the same port-based VLAN,
nor can you have an IPX protocol VLAN and an IPX network VLAN in the same port-based VLAN.
As an HP device receives packets, the VLAN classification starts from the highest level VLAN first. Therefore, if
an interface is configured as a member of both a port-based VLAN and an IP protocol VLAN, IP packets coming
into the interface are classified as members of the IP protocol VLAN because that VLAN is higher in the VLAN
hierarchy.
Multiple VLAN Membership Rules
• A port can belong to multiple, unique, overlapping Layer 3 protocol-based VLANs without VLAN tagging.
• A port can belong to multiple, overlapping Layer 2 port-based VLANs only if the port is a tagged port. Packets
sent out of a tagged port use an 802.1q-tagged frame.
• When both port and protocol-based VLANs are configured on a given device, all protocol VLANs must be
strictly contained within a port-based VLAN. A protocol VLAN cannot include ports from multiple port-based
VLANs. This rule is required to ensure that port-based VLANs remain loop-free Layer 2 broadcast domains.
• IP protocol VLANs and IP subnet VLANs cannot operate concurrently on the system or within the same port-
based VLAN.
• IPX protocol VLANs and IPX network VLANs cannot operate concurrently on the system or within the same
port-based VLAN.
• If you first configure IP and IPX protocol VLANs before deciding to partition the network by IP subnet and IPX
network VLANs, then you need to delete those VLANs before creating the IP subnet and IPX network VLANs.
• Removing a configured port-based VLAN from a Hewlett-Packard Routing Switch automatically removes any
protocol-based VLAN, IP subnet VLAN, AppleTalk cable VLAN, or IPX network VLAN, or any Virtual Ethernet
router interfaces defined within the Port-based VLAN.
June 2005 11 - 11
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
11 - 12 June 2005
Configuring Virtual LANs (VLANs)
NOTE: Changing the default VLAN name does not change the properties of the default VLAN. Changing the
name allows you to use the VLAN ID “1” as a configurable VLAN.
June 2005 11 - 13
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
9308M
To create the two port-based VLANs shown in Figure 11.9, use the following method.
USING THE CLI
ProCurveRS(config)# vlan 222 by port
ProCurveRS(config-vlan-222)# untag e 1/1 to 1/4
ProCurveRS(config-vlan-222)# vlan 333 by port
ProCurveRS(config-vlan-333)# untag e 1/5 to 1/8
Syntax: vlan <vlan-id> by port
Syntax: untagged ethernet <portnum> [to <portnum> | ethernet <portnum>]
EXAMPLE:
Figure 11.10 shows a more complex port-based VLAN configuration using multiple Routing Switches and IEEE
802.1q VLAN tagging. The backbone link connecting the three Routing Switches is tagged. One untagged port
within each port-based VLAN on 9308M-A connects each separate network wide Layer 2 broadcast domain to the
Routing Switch for Layer 3 forwarding between broadcast domains. The STP priority is configured to force
9308M-A to be the root bridge for VLANs RED and BLUE. The STP priority on 9308M-B is configured so that
9308M-B is the root bridge for VLANs GREEN and BROWN.
11 - 14 June 2005
Configuring Virtual LANs (VLANs)
VLAN “BROWN”
VLAN “GREEN”
9304M
IP sub-net 1 IP sub-net 2
IPX network 1 IPX network 2
Atalk 100.1 Atalk 200.1
Zone “A” Zone “B”
VLAN 2 VLAN 3
“BROWN” “GREEN”
Ports 1/1 - 1/3 Ports 1/6 - 1/8
IP sub 1 IP sub 2
IPX net 1 IPX net 2
Atalk 100 Atalk 200
Zone “A” Zone “B”
To configure the Port-based VLANs on the 9308M Routing Switches in Figure 11.10, use the following method.
USING THE CLI
Configuring 9308M-A
Enter the following commands to configure 9308M-A:
ProCurveRS> enable
ProCurveRS# configure terminal
ProCurveRS(config)# hostname HP9308-A
HP9308-A(config)# vlan 2 name BROWN
HP9308-A(config-vlan-2)# untag ethernet 1/1 to 1/4 ethernet 1/17
HP9308-A(config-vlan-2)# tag ethernet 1/25 to 1/26
HP9308-A(config-vlan-2)# spanning-tree
HP9308-A(config-vlan-2)# vlan 3 name GREEN
HP9308-A(config-vlan-3)# untag ethernet 1/5 to 1/8 ethernet 1/18
HP9308-A(config-vlan-3)# tag ethernet 1/25 to 1/26
HP9308-A(config-vlan-3)# spanning-tree
HP9308-A(config-vlan-3)# vlan 4 name BLUE
HP9308-A(config-vlan-4)# untag ethernet 1/9 to 1/12 ethernet 1/19
HP9308-A(config-vlan-4)# tag ethernet 1/25 to 1/26
HP9308-A(config-vlan-4)# spanning-tree
June 2005 11 - 15
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
11 - 16 June 2005
Configuring Virtual LANs (VLANs)
June 2005 11 - 17
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
HP9308-A(config-vlan-4)#
4. Enter the following commands to exit the VLAN CONFIG mode and save the configuration to the system-
config file on flash memory:
HP9308-A(config-vlan-4)#
HP9308-A(config-vlan-4)# end
HP9308-A# write memory
HP9308-A#
NOTE: Beginning in software release 07.5.04, you can remove all the ports from a port-based VLAN without
losing the rest of the VLAN’s configuration. However, you cannot configure an IP address on a virtual routing
interface unless the VLAN contains ports. If the VLAN has a virtual routing interface, the virtual routing interface’s
IP address is deleted when the ports associated with the interface are deleted. The rest of the VLAN configuration
is retained.
In software releases earlier than 07.5.04, if you remove all the ports from a VLAN, the software removes the VLAN
configuration entirely.
11 - 18 June 2005
Configuring Virtual LANs (VLANs)
NOTE: When port-based VLANs are not operating on the system, STP is set on a system-wide level at the
global CONFIG level of the CLI.
NOTE: You do not need to configure values for the STP parameters. All parameters have default values as
noted below. Additionally, all values will be globally applied to all ports on the system or on the port-based VLAN
for which they are defined.
To configure a specific path-cost or priority value for a given port, enter those values using the key words in the
brackets [ ] shown in the syntax summary below. If you do not want to specify values for any given port, this
portion of the command is not required.
Syntax: vlan <vlan-id> by port
Syntax: [no] spanning-tree
Syntax: spanning-tree [ethernet <portnum> path-cost <value> priority <value>] forward-delay <value>
hello-time <value> maximum-age <time> priority <value>
Bridge STP Parameters (applied to all ports within a VLAN)
• Forward Delay – the period of time a bridge will wait (the listen and learn period) before forwarding data
packets. Possible values: 4 – 30 seconds. Default is 15.
• Maximum Age – the interval a bridge will wait for receipt of a hello packet before initiating a topology change.
Possible values: 6 – 40 seconds. Default is 20.
• Hello Time – the interval of time between each configuration BPDU sent by the root bridge. Possible values:
1 – 10 seconds. Default is 2.
• Priority – a parameter used to identify the root bridge in a network. The bridge with the lowest value has the
highest priority and is the root. Possible values: 1 – 65,535. Default is 32,678.
June 2005 11 - 19
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: See “Configuring AppleTalk Cable VLANs” on page 11-28 for information about configuring an AppleTalk
cable VLAN.
Configuration Example
Suppose you want to create five separate Layer 3 broadcast domains within a single Layer 2 STP broadcast
domain:
• Three broadcast domains, one for each of three separate IP subnets
• One for IPX Network 1
• One for the Appletalk protocol
Also suppose you want a single router interface to be present within all of these separate broadcast domains,
without using IEEE 802.1q VLAN tagging or any proprietary form of VLAN tagging.
Figure 11.11 shows this configuration.
IP sub-net 1
9308M
IP sub-net 2
Port 1/8
IPX network 1 IP sub-net 1
IP sub-net 2
IPX network 1
AppleTalk cable 100
AppleTalk cable 100
port 1/8
9304M
Ports 1/1 - 1/3, 1/8 Ports 1/1 - 1/6, 1/8 Ports 1/4 - 1/6, 1/8
Ports 1/4 - 1/6, 1/8
IP sub-net 1 IPX network 1 AppleTalk
IP sub-net 2
cable 100
11 - 20 June 2005
Configuring Virtual LANs (VLANs)
To configure the VLANs shown in Figure 11.11, use the following procedure.
USING THE CLI
1. To permanently assign ports 1/1 – 1/8 and port 1/25 to IP subnet VLAN 1.1.1.0, enter the following
commands:
HP9304> en
No password has been assigned yet...
HP9304# config t
HP9304(config)#
HP9304(config)# ip-subnet 1.1.1.0/24 name Green
HP9304(config-ip-subnet)# no dynamic
HP9304(config-ip-subnet)# static ethernet 1/1 to 1/8 ethernet 1/25
2. To permanently assign ports 1/9 – 1/16 and port 1/25 to IP subnet VLAN 1.1.2.0, enter the following
commands:
HP9304(config-ip-subnet)# ip-subnet 1.1.2.0/24 name Yellow
HP9304(config-ip-subnet)# no dynamic
HP9304(config-ip-subnet)# static ethernet 1/9 to 1/16 ethernet 1/25
3. To permanently assign ports 1/17 – 1/25 to IP subnet VLAN 1.1.3.0, enter the following commands:
HP9304(config-ip-subnet)# ip-subnet 1.1.3.0/24 name Brown
HP9304(config-ip-subnet)# no dynamic
HP9304(config-ip-subnet)# static ethernet 1/17 to 1/25
4. To permanently assign ports 1/1 – 1/12 and port 1/25 to IPX network 1 VLAN, enter the following commands:
HP9304(config-ip-subnet)# ipx-network 1 ethernet_802.3 name Blue
HP9304(config-ipx-network)# no dynamic
HP9304(config-ipx-network)# static ethernet 1/1 to 1/12 ethernet 1/25
HP9304(config-ipx-network)#
5. To permanently assign ports 1/12 – 1/25 to Appletalk VLAN, enter the following commands:
HP9304(config-ipx-proto)# atalk-proto name Red
HP9304(config-atalk-proto)# no dynamic
HP9304(config-atalk-proto)# static ethernet 1/13 to 1/25
HP9304(config-atalk-proto)# end
HP9304# write memory
HP9304#
Syntax: ip-subnet <ip-addr> <ip-mask> [name <string>]
Syntax: ipx-network <ipx-network-number> <frame-encapsulation-type> netbios-allow | netbios-disallow
[name <string>]
Syntax: ip-proto | ipx-proto | atalk-proto | decnet-proto | netbios-proto | other-proto
static | exclude | dynamic
ethernet <portnum> [to <portnum>] [name <string>]
June 2005 11 - 21
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
You also need to create unique IP subnets and IPX networks within VLAN 2 and VLAN 3 at each building. This
will create a fully routed IP and IPX backbone for VLAN 2 and VLAN 3. However, VLAN 4 has no protocol
restrictions across the backbone. In fact there are requirements for NetBIOS and DecNet to be bridged among
the three building locations. The IP subnet and IPX network that exists within VLAN 4 must remain a flat Layer 2
switched STP domain. You enable routing for IP and IPX on a virtual routing interface only on HP9304-A. This
will provide the flat IP and IPX segment with connectivity to the rest of the network. Within VLAN 4 IP and IPX will
follow the STP topology. All other IP subnets and IPX networks will be fully routed and have use of all paths at all
times during normal operation.
Figure 11.12 shows the configuration described above.
11 - 22 June 2005
Configuring Virtual LANs (VLANs)
VLAN 2 VLAN 6
VLAN 3 VLAN 7
VLAN 4 VLAN 8
9304 A VE 4, VE 5 9304 B
VE 4, VE 6 VE 4, VE 7
(STP is blocking VE 4)
9304 C
To configure the Layer 3 VLANs and virtual routing interfaces on the 9304M Routing Switch in Figure 11.12, use
the following procedure.
June 2005 11 - 23
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
11 - 24 June 2005
Configuring Virtual LANs (VLANs)
HP9304-A(config-vlan-3)# no spanning-tree
HP9304-A(config-vlan-3)# ip-subnet 1.1.1.0/24
HP9304-A(config-vlan-ip-subnet)# static e 1/9 to 1/12
HP9304-A(config-vlan-ip-subnet)# router-interface ve3
HP9304-A(config-vlan-ip-subnet)# ipx-network 1 ethernet_802.3
HP9304-A(config-vlan-ipx-network)# static e 1/13 to 1/16
HP9304-A(config-vlan-ipx-network)# router-interface ve4
HP9304-A(config-vlan-ipx-network)# other-proto name block-other-protocols
HP9304-A(config-vlan-other-proto)# exclude e 1/9 to 1/16
HP9304-A(config-vlan-other-proto)# no dynamic
HP9304-A(config-vlan-other-proto)# interface ve 3
HP9304-A(config-vif-3)# ip addr 1.1.1.1/24
HP9304-A(config-vif-3)# ip ospf area 0.0.0.0
HP9304-A(config-vif-3)# int ve4
HP9304-A(config-vif-4)# ipx network 1 ethernet_802.3
HP9304-A(config-vif-4)#
Now configure VLAN 4. Remember this is a flat segment that, in the previous example, obtained its IP default
gateway and IPX router services from an external 9304M. In this example, HP9304-A will provide the routing
services for VLAN 4. You also want to configure the STP priority for VLAN 4 to make HP9304-A the root bridge
for this VLAN.
HP9304-A(config-vif-4)# vlan 4 name Bridged_ALL_Protocols
HP9304-A(config-vlan-4)# untag ethernet 1/17 to 1/24
HP9304-A(config-vlan-4)# tag ethernet 1/25 to 1/26
HP9304-A(config-vlan-4)# spanning-tree
HP9304-A(config-vlan-4)# spanning-tree priority 500
HP9304-A(config-vlan-4)# router-interface ve5
HP9304-A(config-vlan-4)# int ve5
HP9304-A(config-vif-5)# ip address 1.1.3.1/24
HP9304-A(config-vif-5)# ip ospf area 0.0.0.0
HP9304-A(config-vif-5)# ipx network 3 ethernet_802.3
HP9304-A(config-vif-5)#
It is time to configure a separate port-based VLAN for each of the routed backbone ports (Ethernet 25 and 26).
If you do not create a separate tagged port-based VLAN for each point-to-point backbone link, you need to include
tagged interfaces for Ethernet 25 and 26 within VLANs 2, 3, and 8. This type of configuration makes the entire
backbone a single STP domain for each VLAN 2, 3, and 8. This is the configuration used in the example in
“Configuring IP Subnet, IPX Network and Protocol-Based VLANs” on page 11-20. In this scenario, the virtual
routing interfaces within port-based VLANs 2, 3, and 8 will be accessible using only one path through the network.
The path that is blocked by STP is not available to the routing protocols until it is in the STP FORWARDING state.
HP9304-A(config-vif-5)# vlan 5 name Rtr_BB_to_Bldg.2
HP9304-A(config-vlan-5)# tag e 1/25
HP9304-A(config-vlan-5)# no spanning-tree
HP9304-A(config-vlan-5)# router-interface ve6
HP9304-A(config-vlan-5)# vlan 6 name Rtr_BB_to_Bldg.3
HP9304-A(config-vlan-6)# tag ethernet 1/26
HP9304-A(config-vlan-6)# no spanning-tree
HP9304-A(config-vlan-6)# router-interface ve7
HP9304-A(config-vlan-6)# int ve6
HP9304-A(config-vif-6)# ip addr 1.1.4.1/24
HP9304-A(config-vif-6)# ip ospf area 0.0.0.0
HP9304-A(config-vif-6)# ipx network 4 ethernet_802.3
HP9304-A(config-vif-6)# int ve7
HP9304-A(config-vif-7)# ip addr 1.1.5.1/24
HP9304-A(config-vif-7)# ip ospf area 0.0.0.0
HP9304-A(config-vif-7)# ipx network 5 ethernet_802.3
HP9304-A(config-vif-7)#
June 2005 11 - 25
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
This completes the configuration for HP9304-A. The configuration for HP9304-B and C is very similar except for a
few issues.
• IP subnets and IPX networks configured on HP9304-B and HP9304-C must be unique across the entire
network, except for the backbone port-based VLANs 5, 6, and 7 where the subnet is the same but the IP
address must change.
• There is no need to change the default priority of STP within VLAN 4.
• There is no need to include a virtual router interface within VLAN 4.
• The backbone VLAN between HP9304-B and HP9304-C must be the same at both ends and requires a new
VLAN ID. The VLAN ID for this port-based VLAN is VLAN 7.
Configuration for HP9304-B
Enter the following commands to configure HP9304-B.
HP9304> en
No password has been assigned yet...
HP9304# config t
HP9304(config)# hostname HP9304-B
HP9304-B(config)# router ospf
HP9304-B(config-ospf-router)# area 0.0.0.0 normal
HP9304-B(config-ospf-router)# router ipx
HP9304-B(config-ospf-router)# vlan 2 name IP-Subnet_1.1.6.0/24
HP9304-B(config-vlan-2)# untag e 1/1 to 1/4
HP9304-B(config-vlan-2)# no spanning-tree
HP9304-B(config-vlan-2)# router-interface ve1
HP9304-B(config-vlan-2)# other-proto name block-other-protocols
HP9304-B(config-vlan-other-proto)# no dynamic
HP9304-B(config-vlan-other-proto)# exclude e 1/1 to 1/4
HP9304-B(config-vlan-other-proto)# int ve1
HP9304-B(config-vif-1)# ip addr 1.1.6.1/24
HP9304-B(config-vif-1)# ip ospf area 0.0.0.0
HP9304-B(config-vif-1)# vlan 8 name IPX_Network6
HP9304-B(config-vlan-8)# untag e 1/5 to 1/8
HP9304-B(config-vlan-8)# no span
HP9304-B(config-vlan-8)# router-int ve2
HP9304-B(config-vlan-8)# other-proto name block-other-protocols
HP9304-B(config-vlan-other-proto)# no dynamic
HP9304-B(config-vlan-other-proto)# exclude e 1/5 to 1/8
HP9304-B(config-vlan-other-proto)# int ve2
HP9304-B(config-vif-2)# ipx net 6 ethernet_802.3
HP9304-B(config-vif-2)# vlan 3 name IP_Sub_&_IPX_Net_VLAN
HP9304-B(config-vlan-3)# untag e 1/9 to 1/16
HP9304-B(config-vlan-3)# no spanning-tree
HP9304-B(config-vlan-3)# ip-subnet 1.1.7.0/24
HP9304-B(config-vlan-ip-subnet)# static e 1/9 to 1/12
HP9304-B(config-vlan-ip-subnet)# router-interface ve3
HP9304-B(config-vlan-ip-subnet)# ipx-network 7 ethernet_802.3
HP9304-B(config-vlan-ipx-network)# static e 1/13 to 1/16
HP9304-B(config-vlan-ipx-network)# router-interface ve4
HP9304-B(config-vlan-ipx-network)# other-proto name block-other-protocols
HP9304-B(config-vlan-other-proto)# exclude e 1/9 to 1/16
HP9304-B(config-vlan-other-proto)# no dynamic
HP9304-B(config-vlan-other-proto)# interface ve 3
HP9304-B(config-vif-3)# ip addr 1.1.7.1/24
HP9304-B(config-vif-3)# ip ospf area 0.0.0.0
HP9304-B(config-vif-3)# int ve4
HP9304-B(config-vif-4)# ipx network 7 ethernet_802.3
HP9304-B(config-vif-4)# vlan 4 name Bridged_ALL_Protocols
11 - 26 June 2005
Configuring Virtual LANs (VLANs)
June 2005 11 - 27
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Configuration Guidelines
Use the following guidelines when configuring AppleTalk cable VLANs:
• Up to eight AppleTalk cable VLANs are supported in a protocol-based VLAN. Each VLAN must be numbered
from 1 – 8.
• Each AppleTalk cable VLAN can have only one router interface. The router interface must be a virtual routing
interface.
• The AppleTalk cable VLANs cannot overlap. Thus, you cannot use the same port in more than one
AppleTalk cable VLAN.
• You must add the ports to the AppleTalk cable VLAN using the static option. You cannot use the dynamic or
exclude options.
• You cannot have an AppleTalk cable VLAN and an AppleTalk protocol VLAN in the same port-based VLAN.
If you already have an AppleTalk protocol VLAN in the port-based VLAN, you must delete the AppleTalk
protocol VLAN first, then configure the AppleTalk cable VLAN.
11 - 28 June 2005
Configuring Virtual LANs (VLANs)
Configuration Example
Figure 11.13 shows an example of an 9308M Routing Switch with four AppleTalk cable VLANs configured on a
single port-based VLAN. In this example, port-based VLAN 10 is configured, then AppleTalk cable VLANs are
configured on ports on chassis modules 2 and 3. Each virtual routing interface (ve1, ve2, ve3, and ve4) is then
configured with AppleTalk routing information for the cable VLAN.
HP 9308M
Routing Switch
Port-based VLAN 10
ve1 ve2
address 10.1 address 20.1
cable range 10 - 19 cable range 20 - 29
Zone AA Zone BB
ve3 ve4
address 30.1 address 40.1
cable range 30 - 39 cable range 40 - 49
Zone CC Zone DD
June 2005 11 - 29
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
11 - 30 June 2005
Configuring Virtual LANs (VLANs)
NOTE: The software does not support dynamically adding ports to AppleTalk cable VLANs. Conceptually, an
AppleTalk cable VLAN consists of a single network cable, connected to a single port. Therefore, dynamic addition
and removal of ports is not applicable.
NOTE: You cannot route to or from protocol VLANs with dynamically added ports.
Configuration Guidelines
• You cannot dynamically add a port to a protocol VLAN if the port has any routing configuration parameters.
For example, the port cannot have a virtual routing interface, IP subnet address, IPX network address, or
AppleTalk network address configured on it.
• Once you dynamically add a port to a protocol VLAN, you cannot configure routing parameters on the port.
• Dynamic VLAN ports are not required or supported on AppleTalk cable VLANs.
June 2005 11 - 31
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: Use the first untagged command for adding a range of ports. Use the second command for adding
separate ports (not in a range).
NOTE: Use the first untagged command for adding a range of ports. Use the second command for adding
separate ports (not in a range).
11 - 32 June 2005
Configuring Virtual LANs (VLANs)
NOTE: Use the first untagged command for adding a range of ports. Use the second command for adding
separate ports (not in a range).
June 2005 11 - 33
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
address to each virtual routing interface. The IP address on each of the virtual routing interfaces must be in a
separate subnet. The HP device routes Layer 3 traffic between the subnets using the subnet addresses.
NOTE: Before using the method described in this section, see “Configuring VLAN Groups and Virtual Routing
Interface Groups” on page 11-38. You might be able to achieve the results you want using the methods in that
section instead.
VLAN 2
VLAN 3
VLAN 4
HP 9304M or 9308M
Routing Switch
VLAN 4
VLAN 2 VLAN 3
VE 3
VE 1 VE 2
-IP 10.0.2.1/24
-IP 10.0.0.1/24 -IP 10.0.1.1/24
As shown in this example, each VLAN has a separate IP subnet address. If you need to conserve IP subnet
addresses, you can configure multiple VLANs with the same IP subnet address, as shown in Figure 11.15.
11 - 34 June 2005
Configuring Virtual LANs (VLANs)
Figure 11.15 Multiple port-based VLANs with the same protocol address
VLAN 2
VLAN 3
VLAN 4
HP 9304M or 9308M
Routing Switch
VLAN 4
VLAN 2 VLAN 3
VE 3
VE 1 VE 2
-Follow VE 1
-IP 10.0.0.1/24 -Follow VE 1
Each VLAN still requires a separate virtual routing interface. However, all three VLANs now use the same IP
subnet address.
In addition to conserving IP subnet addresses, this feature allows containment of Layer 2 broadcasts to segments
within an IP subnet. For ISP environments where the same IP subnet is allocated to different customers, placing
each customer in a separate VLAN allows all customers to share the IP subnet address, while at the same time
isolating them from one another’s Layer 2 broadcasts.
NOTE: You can provide redundancy to an IP subnet address that contains multiple VLANs using a pair of
ProCurve Routing Switches configured for HP’s VRRP (Virtual Router Redundancy Protocol).
The ProCurve device performs proxy Address Resolution Protocol (ARP) for hosts that want to send IP traffic to
hosts in other VLANs that are sharing the same IP subnet address. If the source and destination hosts are in the
same VLAN, the HP device does not need to use ARP.
• If a host attached to one VLAN sends an ARP message for the MAC address of a host in one of the other
VLANs using the same IP subnet address, the HP device performs a proxy ARP on behalf of the other host.
The HP device then replies to the ARP by sending the virtual routing interface MAC address. The HP device
uses the same MAC address for all virtual routing interfaces.
When the host that sent the ARP then sends a unicast packet addressed to the virtual routing interface’s
MAC address, the device switches the packet on Layer 3 to the destination host on the VLAN.
June 2005 11 - 35
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: If the HP device’s ARP table does not contain the requested host, the HP device forwards the ARP
request on Layer 2 to the same VLAN as the one that received the ARP request. Then the device sends an
ARP for the destination to the other VLANs that are using the same IP subnet address.
• If the destination is in the same VLAN as the source, the HP device does not need to perform a proxy ARP.
To configure multiple VLANs to use the same IP subnet address:
• Configure each VLAN, including adding tagged or untagged ports.
• Configure a separate virtual routing interface for each VLAN, but do not add an IP subnet address to more
than one of the virtual routing interfaces.
• Configure the virtual routing interfaces that do not have the IP subnet address to “follow” the virtual routing
interface that does have the address.
To configure the VLANs shown in Figure 11.15, you could enter the following commands.
ProCurveRS(config)# vlan 1 by port
ProCurveRS(config-vlan-1)# untag ethernet 1/1
ProCurveRS(config-vlan-1)# tag ethernet 1/8
ProCurveRS(config-vlan-1)# router-interface ve 1
Syntax: ip follow ve <num>
The commands above configure port-based VLAN 1. The VLAN has one untagged port (1/1) and a tagged port
(1/8). In this example, all three VLANs contain port 1/8 so the port must be tagged to allow the port to be in
multiple VLANs. You can configure VLANs to share a Layer 3 protocol interface regardless of tagging. A
combination of tagged and untagged ports is shown in this example to demonstrate that sharing the interface does
not change other VLAN features.
Notice that each VLAN still requires a unique virtual routing interface.
The following commands configure port-based VLANs 2 and 3.
ProCurveRS(config-vlan-1)# vlan 2 by port
ProCurveRS(config-vlan-2)# untag ethernet 1/2
ProCurveRS(config-vlan-2)# tag ethernet 1/8
ProCurveRS(config-vlan-2)# router-interface ve 2
ProCurveRS(config-vlan-2)# vlan 3 by port
ProCurveRS(config-vlan-3)# untag ethernet 1/5 to 1/6
ProCurveRS(config-vlan-3)# tag ethernet 1/8
ProCurveRS(config-vlan-3)# router-interface ve 3
The following commands configure an IP subnet address on virtual routing interface 1.
ProCurveRS(config-vlan-3)# interface ve 1
ProCurveRS(config-vif-1)# ip address 10.0.0.1/24
The following commands configure virtual routing interfaces 2 and 3 to “follow” the IP subnet address configured
on virtual routing interface 1.
ProCurveRS(config-vif-1)# interface ve 2
ProCurveRS(config-vif-2)# ip follow ve 1
ProCurveRS(config-vif-2)# interface ve 3
ProCurveRS(config-vif-3)# ip follow ve 1
NOTE: Since virtual routing interfaces 2 and 3 do not have their own IP subnet addresses but instead are
“following” virtual routing interface a’s IP address, you still can configure an IPX or AppleTalk interface on virtual
routing interfaces 2 and 3.
11 - 36 June 2005
Configuring Virtual LANs (VLANs)
The IP follower feature allows multiple virtual routing interfaces to share the same IP address. One virtual routing
interface has the IP address and the other virtual routing interfaces are configured to follow the virtual routing
interface that has the address.
By default, the follower interfaces are secured by the ACLs that are applied to the interface that has the address.
In fact, an ACL applied to a follower interface is ignored. For example, if you configure virtual routing interfaces 1,
2, and 3, and configure interfaces 2 and 3 to follow interface 1, then the ACLs applied to interface 1 also apply to
interfaces 2 and 3. Any ACLs applied separately to interface 2 or 3 are ignored.
You can enable a follower virtual routing interface to use the ACLs you apply to it instead of using the ACLs
applied to the interface that has the address. For example, you can enable virtual routing interface 2 to use its
own ACLs instead of using interface 1’s ACLs.
To enable a virtual routing interface to use its own ACLs instead of the ACLs of the interface it is following, enter
the following command at the configuration level for the interface:
ProCurveRS(config-vif-2)# no ip follow acl
Syntax: [no] ip follow acl
The following commands show a complete IP follower configuration. Virtual routing interfaces 2 and 3 have been
configured to share the IP address of virtual routing interface 1, but also have been configured to use their own
ACLs instead of virtual routing interface 1’s ACLs.
ProCurveRS(config)# vlan 1 name primary_vlan
ProCurveRS(config-vlan-1)# untag ethernet 1/1
ProCurveRS(config-vlan-1)# tag ethernet 1/8
ProCurveRS(config-vlan-1)# router-interface ve 1
ProCurveRS(config-vlan-1)# exit
ProCurveRS(config)# interface ve 1
ProCurveRS(config-ve-1)# ip address 10.0.0.1/24
ProCurveRS(config-ve-1)# ip access-group 1 in
ProCurveRS(config-ve-1)# exit
ProCurveRS(config)# vlan 2 name followerA
ProCurveRS(config-vlan-2)# untag ethernet 1/2
ProCurveRS(config-vlan-2)# tag ethernet 1/8
ProCurveRS(config-vlan-2)# router-interface ve 2
ProCurveRS(config-vlan-2)# exit
ProCurveRS(config)# interface ve 2
ProCurveRS(config-ve-2)# ip follow ve 1
ProCurveRS(config-v2-2)# no ip follow acl
ProCurveRS(config-ve-2)# ip access-group 2 in
ProCurveRS(config-ve-2)# exit
ProCurveRS(config)# vlan 3 name followerB
ProCurveRS(config-vlan-3)# untag ethernet 1/5 to 1/6
ProCurveRS(config-vlan-3)# tag ethernet 1/8
ProCurveRS(config-vlan-3)# router-interface ve 3
ProCurveRS(config-vlan-3)# exit
ProCurveRS(config)# interface ve 3
ProCurveRS(config-ve-3)# ip follow ve 1
ProCurveRS(config-ve-3)# no ip follow acl
ProCurveRS(config-ve-3)# ip access-group 3 out
ProCurveRS(config-ve-3)# exit
June 2005 11 - 37
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: VLAN groups are supported on ProCurve Routing Switches with Management 2 or higher modules.
NOTE: VLAN groups and virtual interface groups are supported only on the chassis-based Routing Switches.
When you create a VLAN group, the VLAN parameters you configure for the group apply to all the VLANs within
the group. Additionally, you can easily associate the same IP subnet interface with all the VLANs in a group by
configuring a virtual routing interface group with the same ID as the VLAN group.
• The VLAN group feature allows you to create multiple port-based VLANs with identical port members. Since
the member ports are shared by all the VLANs within the group, you must add the ports as tagged ports. This
feature not only simplifies VLAN configuration but also allows you to have a large number of identically
configured VLANs in a startup-config file on the device’s flash memory module. Normally, a startup-config file
with a large number of VLANs might not fit on the flash memory module. By grouping the identically
configured VLANs, you can conserve space in the startup-config file so that it fits on the flash memory
module.
• The virtual routing interface group feature is useful when you want to configure the same IP subnet address
on all the port-based VLANs within a VLAN group. You can configure a virtual routing interface group only
after you configure a VLAN group with the same ID. The virtual routing interface group automatically applies
to the VLANs in the VLAN group that has the same ID and cannot be applied to other VLAN groups or to
individual VLANs.
You can create up to 32 VLAN groups and 32 virtual routing interface groups. A virtual routing interface group
always applies only to the VLANs in the VLAN group with the same ID.
NOTE: Depending on the size of the VLAN ID range you want to use for the VLAN group, you might need to
allocate additional memory for VLANs. On Routing Switches, if you allocate additional memory for VLANs, you
also need to allocate the same amount of memory for virtual routing interfaces. This is true regardless of whether
you use the virtual routing interface groups. To allocate additional memory, see “Allocating Memory for More
VLANs or Virtual Routing Interfaces” on page 11-41.
11 - 38 June 2005
Configuring Virtual LANs (VLANs)
NOTE: The device’s memory must be configured to contain at least the number of VLANs you specify for the
higher end of the range. For example, if you specify 2048 as the VLAN ID at the high end of the range, you first
must increase the memory allocation for VLANs to 2048 or higher. Additionally, on Routing Switches, if you
allocate additional memory for VLANs, you also need to allocate the same amount of memory for virtual routing
interfaces, before you configure the VLAN groups. This is true regardless of whether you use the virtual routing
interface groups. The memory allocation is required because the VLAN groups and virtual routing interface
groups have a one-to-one mapping. See “Allocating Memory for More VLANs or Virtual Routing Interfaces” on
page 11-41.
If a VLAN within the range you specify is already configured, the CLI does not add the group but instead displays
an error message. In this case, create the group by specifying a valid contiguous range. Then add more VLANs
to the group after the CLI changes to the configuration level for the group. See the following example.
You can add and remove individual VLANs or VLAN ranges from at the VLAN group configuration level. For
example, if you want to add VLANs 1001 and 1002 to VLAN group 1 and remove VLANs 900 through 1000, enter
the following commands:
ProCurveRS(config-vlan-group-1)# add-vlan 1001 to 1002
ProCurveRS(config-vlan-group-1)# remove-vlan 900 to 1000
Syntax: add-vlan <vlan-id> [to <vlan-id>]
Syntax: remove-vlan <vlan-id> [to <vlan-id>]
USING THE WEB MANAGEMENT INTERFACE
You cannot configure this feature using the Web management interface.
Displaying Information about VLAN Groups
To display VLAN group configuration information, enter the following command:
ProCurveRS# show vlan-group
vlan-group 1 vlan 2 to 20
tagged ethe 1/1 to 1/2
!
vlan-group 2 vlan 21 to 40
tagged ethe 1/1 to 1/2
!
Syntax: show vlan-group [<group-id>]
This example shows configuration information for two VLAN groups, group 1 and group 2.
The <group-id> specifies a VLAN group. If you do not use this parameter, the configuration information for all the
configured VLAN groups is displayed.
NOTE: When you configure a virtual routing interface group, all members of the group have the same IP subnet
address. This feature is useful in collocation environments where the device has many IP addresses and you
want to conserve the IP address space.
June 2005 11 - 39
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
ProCurveRS(config-vlan-group-1)# exit
ProCurveRS(config)# interface group-ve 1
ProCurveRS(config-vif-group-1)# ip address 10.10.10.1/24
These commands enable VLAN group 1 to have a group virtual routing interface, then configure virtual routing
interface group 1. The software always associates a virtual routing interface group only with the VLAN group that
has the same ID. In this example, the VLAN group ID is 1, so the corresponding virtual routing interface group
also must have ID 1.
Syntax: group-router-interface
Syntax: interface group-ve <num>
Syntax: [no] ip address <ip-addr> <ip-mask> [secondary]
or
Syntax: [no] ip address <ip-addr>/<mask-bits> [secondary]
The router-interface-group command enables a VLAN group to use a virtual routing interface group. Enter this
command at the configuration level for the VLAN group. This command configures the VLAN group to use the
virtual routing interface group that has the same ID as the VLAN group. You can enter this command when you
configure the VLAN group for the first time or later, after you have added tagged ports to the VLAN and so on.
The <num> parameter in the interface group-ve <num> command specifies the ID of the VLAN group with which
you want to associate this virtual routing interface group. The VLAN group must already be configured and
enabled to use a virtual routing interface group. The software automatically associates the virtual routing interface
group with the VLAN group that has the same ID. You can associate a virtual routing interface group only with the
VLAN group that has the same ID.
The syntax and usage for the ip address command is the same as when you use the command at the interface
level to add an IP interface.
USING THE WEB MANAGEMENT INTERFACE
You cannot configure this feature using the Web management interface.
Displaying the VLAN Group and Virtual Routing Interface Group Information
To verify configuration of VLAN groups and virtual routing interface groups, display the running-config file. If you
have saved the configuration to the startup-config file, you also can verify the configuration by displaying the
startup-config file. The following example shows the running-config information for the VLAN group and virtual
routing interface group configured in the previous examples. The information appears in the same way in the
startup-config file.
ProCurveRS(config)# show running-config
interface group-ve 1
ip address 10.10.10.1 255.255.255.0
NOTE: If you have enabled display of subnet masks in CIDR notation, the IP address information is shown as
follows: 10.10.10.1/24.
11 - 40 June 2005
Configuring Virtual LANs (VLANs)
NOTE: If many of your VLANs will have an identical configuration, you might want to configure VLAN groups and
virtual routing interface groups after you increase the system capacity for VLANs and virtual routing interfaces.
See “Configuring VLAN Groups and Virtual Routing Interface Groups” on page 11-38.
NOTE: Although you can specify up to 4095 VLANs, you can configure only 4094 VLANs. VLAN ID 4094 is
reserved for use by the Single Spanning Tree feature.
June 2005 11 - 41
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
2. Select the Max-Parameter link to display the Configure System Parameter Maximum Value table. This table
lists the settings and valid ranges for all the configurable table sizes on the device.
3. Click the Modify button next to the row for the parameter (in this case, “vlan”).
4. Enter the new value for the table size. The value you enter specifies the maximum number of entries the
table can hold.
5. Click Apply to save the changes to the device’s running-config.
6. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
7. Click on the plus sign next to Command in the tree view to list the command options.
8. Select the Reload link and select Yes when the Web management interface asks you whether you really want
to reload the software. Changes to cache and table sizes do not take effect until you reload the software.
Increasing the Number of Virtual Routing Interfaces You Can Configure
To increase the size of the virtual routing interface table, which determines how many virtual routing interfaces you
can configure, use either of the following methods.
USING THE CLI
To increase the maximum number of virtual routing interfaces you can configure, enter commands such as the
following at the global CONFIG level of the CLI:
ProCurveRS(config)# system-max virtual-interface 4095
ProCurveRS(config)# write memory
ProCurveRS(config)# end
ProCurveRS# reload
Syntax: system-max virtual-interface <num>
The <num> parameter indicates the maximum number of virtual routing interfaces. The range of valid values
depends on the device you are configuring. See .
USING THE WEB MANAGEMENT INTERFACE
See the Web management procedure for increasing the VLAN table size, in “Increasing the Number of VLANs
You Can Configure” on page 11-41.
11 - 42 June 2005
Configuring Virtual LANs (VLANs)
Client 1
192.168.1.69/24
sub-net
192.168.1.0/24
Each client connected to the edge device is in its own port-based VLAN. All the clients’ VLANs are aggregated by
the edge device into a single VLAN for connection to the core.
The device that aggregates the VLANs forwards the aggregated VLAN traffic through the core. The core can
consist of multiple devices that forward the aggregated VLAN traffic. The edge device at the other end of the core
separates the aggregated VLANs into the individual client VLANs before forwarding the traffic. The edge devices
forward the individual client traffic to the clients. For the clients’ perspective, the channel is a direct point-to-point
link.
Figure 11.17 shows an example application that uses aggregated VLANs. This configuration includes the client
connections shown in Figure 11.16.
June 2005 11 - 43
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Client 1
192.168.1.69/24 209.157.2.12/24
Device A Device B
Tag Type 8100 Port 2/1 Port 2/1 Tag Type 8100
Tagged Tagged
Device C
Tag Type 9100
VLAN Aggregation
Enabled Port 4/1
Tagged
Port 4/1
Tagged
Device D
Tag Type 9100
VLAN Aggregation
Enabled
Device E Device F
Tag Type 8100 Ports 1/1 - 1/5 Ports 1/1 - 1/5 Tag Type 8100
Untagged Untagged
192.168.1.129/24
In this example, a collocation service provides private channels for multiple clients. Although the same devices
are used for all the clients, the VLANs ensure that each client receives its own Layer 2 broadcast domain,
separate from the broadcast domains of other clients. For example, client 1 cannot ping client 5.
The clients at each end of a channel appear to each other to be directly connected and thus can be on the same
subnet and use network services that require connection to the same subnet. In this example, client 1 is in subnet
192.168.1.0/24 and so is the device at the other end of client 1’s channel.
Since each VLAN configured on the core devices is an aggregate of multiple client VLANs, the aggregated VLANs
greatly increase the number of clients a core device can accommodate.
This example shows a single link between the core devices. However, you can use a trunk group to add link-level
redundancy.
11 - 44 June 2005
Configuring Virtual LANs (VLANs)
• Add the port connected to the core device (the device that will aggregate the VLANs) as a tagged port.
This port must be tagged because all the client VLANs share the port as an uplink to the core device.
• On each core device:
• Enable VLAN aggregation. This support allows the core device to add an additional tag to each Ethernet
frame that contains a VLAN packet from the edge device. The additional tag identifies the aggregate
VLAN (the path). However, the additional tag can cause the frame to be longer than the maximum
supported frame size. The larger frame support allows Ethernet frames up to 1530 bytes long.
NOTE: Enable the VLAN aggregation option only on the core devices.
• Configure a VLAN tag type (tag ID) that is different than the tag type used on the edge devices. If you
use the default tag type (8100) on the edge devices, set the tag type on the core devices to another
value, such as 9100. The tag type must be the same on all the core devices. The edge devices also
must have the same tag type but the type must be different from the tag type on the core devices.
NOTE: You can enable the Spanning Tree Protocol (STP) on the edge devices or the core devices, but not both.
If you enable STP on the edge devices and the core devices, STP will prevent client traffic from travelling through
the core to the other side.
June 2005 11 - 45
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: In these examples, the configurations of the edge devices (A, B, E, and F) are identical. The
configurations of the core devices (C and D) also are identical. The aggregated VLAN configurations of the edge
and core devices on one side must be symmetrical (in fact, a mirror image) to the configurations of the devices on
the other side. For simplicity, the example in Figure 11.17 on page 11-44 is symmetrical in terms of the port
numbers. This allows the configurations for both sides of the link to be the same. If your configuration does not
use symmetrically arranged port numbers, the configurations should not be identical but must use the correct port
numbers.
11 - 46 June 2005
Configuring Virtual LANs (VLANs)
June 2005 11 - 47
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
11 - 48 June 2005
Configuring Virtual LANs (VLANs)
ProCurveRSF(config-vlan-103)# exit
ProCurveRSF(config)# vlan 104 by port
ProCurveRSF(config-vlan-104)# tagged ethernet 2/1
ProCurveRSF(config-vlan-104)# untagged ethernet 1/4
ProCurveRSF(config-vlan-104)# exit
ProCurveRSF(config)# vlan 105 by port
ProCurveRSF(config-vlan-105)# tagged ethernet 2/1
ProCurveRSF(config-vlan-105)# untagged ethernet 1/5
ProCurveRSF(config-vlan-105)# exit
ProCurveRSF(config)# write memory
Figure 11.18 Private VLAN used to secure communication between a workstation and servers
This example uses a private VLAN to secure traffic between hosts and the rest of the network through a firewall.
Five ports in this example are members of a private VLAN. The first port (port 3/2) is attached to a firewall. The
next four ports (ports 3/5, 3/6, 3/9, and 3/10) are attached to hosts that rely on the firewall to secure traffic between
the hosts and the rest of the network. In this example, two of the hosts (on ports 3/5 and 3/6) are in a community
private VLAN, and thus can communicate with one another as well as through the firewall. The other two hosts
(on ports 3/9 and 3/10), are in an isolated VLAN and thus can communicate only through the firewall. The two
hosts are secured from communicating with one another even though they are in the same VLAN.
June 2005 11 - 49
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
By default, the private VLAN does not forward broadcast or unknown-unicast packets from outside sources into
the private VLAN. If needed, you can override this behavior for broadcast packets, unknown-unicast packets, or
both. (See “Enabling Broadcast or Unknown Unicast Traffic to the Private VLAN” on page 11-52.)
You can configure a combination of the following types of private VLANs:
• Primary – The primary private VLAN ports are “promiscuous”. They can communicate with all the isolated
private VLAN ports and community private VLAN ports in the isolated and community VLANs that are
mapped to the promiscuous port.
• Isolated – Broadcasts and unknown unicasts received on isolated ports are sent only to the primary port.
They are not flooded to other ports in the isolated VLAN.
• Community – Broadcasts and unknown unicasts received on community ports are sent to the primary port
and also are flooded to the other ports in the community VLAN.
Each private VLAN must have a primary VLAN. The primary VLAN is the interface between the secured ports and
the rest of the network. The private VLAN can have any combination of community and isolated VLANs. (See
“Configuration Rules” on page 11-50.)
Table 11.2 list the differences between private VLANs and standard VLANs.
Implementation Notes
• The private VLAN implementation in the current release uses the CPU for forwarding packets on the primary
VLAN’s “promiscuous” port. Other forwarding is performed in the hardware. Support for the hardware
forwarding in this feature sometimes results in multiple MAC address entries for the same MAC address in
the device’s MAC address table. In this case, each of the entries is associated with a different VLAN. The
multiple entries are a normal aspect of the implementation of this feature and do not indicate a software
problem.
• By default, the primary VLAN does not forward broadcast or unknown unicast packets into the private VLAN.
You also can use MAC address filters to control traffic forwarded into and out of the private VLAN.
11 - 50 June 2005
Configuring Virtual LANs (VLANs)
• You cannot share a port between a private VLAN and a standard port-based VLAN or protocol VLAN. You
can configure private VLANs and standard port-based VLANs and protocol VLANs on the same device, but a
port cannot be a member of both a private VLAN and a port-based VLAN or protocol VLAN.
NOTE: Although a private VLAN resides within a port-based VLAN, the VLAN is considered to be
exclusively a private VLAN, not a port-based VLAN.
• You cannot use the private VLAN feature and the dual-mode VLAN port feature on the same device.
• The Spanning Tree Protocol (STP) is independent of this feature, and can be enabled or disabled in the
individual port-based VLANs. However, private VLANs are not supported with single-instance STP (“single
span”).
• You can configure only one private VLAN within a given port-based VLAN. Thus, you must configure a
separate port-based VLAN for each private VLAN.
• Each private VLAN can have only one primary VLAN.
• Each private VLAN can have multiple isolated or community VLANs. You can use any combination of
isolated or community VLANs with the primary VLAN. You do not need to use both isolated and community
VLANs in the private VLAN.
• You can configure the primary VLAN before or after you configure the community or isolated VLANs. You are
not required to configure a specific type of private VLAN before you can configure the other types.
• The ports in all three types of private VLANs can be tagged or untagged.
NOTE: If the port in the primary VLAN is tagged, you must add the port as a tagged port to each of the
isolated and community VLANs. If the port in the primary VLAN is untagged, you do not need to add the port
to the isolated and community VLANs.
• The primary VLAN has only one active port. The primary VLAN can have more than one port, but only the
lowest-numbered available port is active. The other ports provide redundancy.
• You cannot configure the default VLAN (VLAN 1) as a private VLAN.
Configuring an Isolated or Community Private VLAN
To configure an isolated or a community private VLAN, use the following CLI methods.
USING THE CLI
To configure a community private VLAN, enter commands such as the following:
ProCurveRS(config)# vlan 901
ProCurveRS(config-vlan-901)# tagged ethernet 3/5 to 3/6
ProCurveRS(config-vlan-901)# pvlan type community
These commands create port-based VLAN 901, add ports 3/5 and 3/6 to the VLAN as tagged ports, then specify
that the VLAN is a community private VLAN.
Syntax: tagged ethernet <portnum> [to <portnum> | ethernet <portnum>]
Syntax: [no] pvlan type community | isolated | primary
The tagged or untagged command adds the ports to the VLAN.
The pvlan type command specifies that this port-based VLAN is a private VLAN.
• community – Broadcasts and unknown unicasts received on community ports are sent to the primary port
and also are flooded to the other ports in the community VLAN.
• isolated – Broadcasts and unknown unicasts received on isolated ports are sent only to the primary port.
They are not flooded to other ports in the isolated VLAN.
• primary – The primary private VLAN ports are “promiscuous”. They can communicate with all the isolated
private VLAN ports and community private VLAN ports in the isolated and community VLANs that are
June 2005 11 - 51
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: The primary private VLAN has only one active port. If you configure the VLAN to have more than one
port, the lowest-numbered port is the active one. The additional ports provide redundancy. If the active port
becomes unavailable, the lowest-numbered available port becomes the active port for the VLAN.
NOTE: You can add the port as a tagged port if needed. If you add the port as a tagged port, you must also add
the port as a tagged port to the isolated and community VLANs. See “CLI Example for Figure 11.18” on page 11-
53.
The pvlan type command specifies that this port-based VLAN is a private VLAN. Specify primary as the type.
The pvlan mapping command identifies the other private VLANs for which this VLAN is the primary. The
command also specifies the primary VLAN ports to which you are mapping the other private VLANs.
• The <vlan-id> parameter specifies another private VLAN. The other private VLAN you want to specify must
already be configured.
• The ethernet <portnum> parameter specifies the primary VLAN port to which you are mapping all the ports in
the other private VLAN (the one specified by <vlan-id>).
NOTE: You also can use MAC address filters to control the traffic forwarded into and out of the private VLAN.
11 - 52 June 2005
Configuring Virtual LANs (VLANs)
June 2005 11 - 53
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: You also can specify the primary port and other ports on the same command line. In this example, the
command tagged ethernet 3/2 ethernet 3/5 to 3/6 is equivalent to the pair of tagged commands shown above
for the same ports.
VLAN 20 Untagged
Traffic Traffic
HP Switch 4000
Port 2/11
Tagged, VLAN 20
dual-mode
VLAN 20 Untagged
Traffic Traffic
11 - 54 June 2005
Configuring Virtual LANs (VLANs)
VLAN 10 VLAN 10
Untagged Untagged
Traffic Traffic
Hub
Port 2/9
Tagged, VLAN 20
VLAN 20 VLAN 20
Tagged Tagged
Traffic Traffic
In Figure 11.20, tagged port 2/11 is a dual-mode port belonging to VLANs 10 and 20. The default VLAN assigned
to this dual-mode port is 10. This means that the port transmits tagged traffic on VLAN 20 (and all other VLANs to
which the port belongs) and transmits untagged traffic on VLAN 10.
The dual-mode feature allows tagged traffic for VLAN 20 and untagged traffic for VLAN 10 to go through port 2/11
at the same time. A dual-mode port transmits only untagged traffic on its default VLAN (that is, either VLAN 1, or
a user-specified VLAN ID), and only tagged traffic on all other VLANs.
The following commands configure VLANs 10 and 20 in Figure 11.20. Tagged port 2/11 is added to VLANs 10
and 20, then designated a dual-mode port whose specified default VLAN is 10. In this configuration, port 2/11
transmits only untagged traffic on VLAN 10 and only tagged traffic on VLAN 20.
ProCurveRS(config)# vlan 10 by port
ProCurveRS(config-vlan-10)# untagged e 2/10
ProCurveRS(config-vlan-10)# tagged e 2/11
ProCurveRS(config-vlan-10)# exit
ProCurveRS(config)# vlan 20 by port
ProCurveRS(config-vlan-20)# tagged e 2/9
ProCurveRS(config-vlan-20)# tagged e 2/11
ProCurveRS(config-vlan-20)# exit
ProCurveRS(config)# int e 2/11
ProCurveRS(config-if-e100-2/11)# dual-mode 10
ProCurveRS(config-if-e100-2/11)# exit
Syntax: [no] dual-mode [<vlan-id>]
Notes:
• If you do not specify a <vlan-id> in the dual mode command, the port’s default VLAN is set to 1. The port
transmits untagged traffic on the DEFAULT-VLAN.
• The dual-mode feature is disabled by default. Only tagged ports can be configured as dual-mode ports.
• In trunk group, either all of the ports must be dual-mode, or none of them can be.
June 2005 11 - 55
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
The show vlan command displays a separate row for dual-mode ports on each VLAN. For example:
legend: [S=Slot]
11 - 56 June 2005
Configuring Virtual LANs (VLANs)
June 2005 11 - 57
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
10. Click the Select Port Members button to display the following panel.
11. Select the ports you are placing in the VLAN. To select a row, click on the checkbox next to the row number,
then click on the Select Row button.
NOTE: Ports highlighted in grey are members of a trunk group. The port right before the grey ports is the
master port for that trunk group.
12. When you finish selecting the ports, click on the Continue button to return to the Port VLAN configuration
dialog.
13. Click the Add button (to add a new VLAN) or the Modify button (if you are modifying an existing VLAN) to
save the change to the device’s running-config file.
14. Select the Save link at the bottom of the dialog, then select Yes when prompted to save the configuration
change to the startup-config file on the device’s flash memory.
11 - 58 June 2005
Configuring Virtual LANs (VLANs)
5. Enter the VLAN ID that will contain the protocol VLAN in the VLAN ID field.
6. Enter a name for the VLAN in the Protocol_VLAN_Name field.
7. Select the virtual routing interface from the Router_Interface pulldown list if you configured a virtual routing
interface for routing into and out of the VLAN.
8. Select the protocol type.
9. Specify the port that are members for the VLAN:
• Select Dynamic Port if you want the port membership to be dynamic. For information, see “Dynamic
Ports” on page 11-9.
• Click the Change Static Members button if you want to configure static ports. For information, see “Static
Ports” on page 11-10.
• Click the Change Exclude Members button if you want to explicitly exclude some ports. For information,
see “Excluded Ports” on page 11-10.
NOTE: All the ports must be members of the port-based VLAN that contains this IP subnet VLAN. See
“Layer 3 Protocol-Based VLANs” on page 11-3.
10. Click the Add button (if you are adding a new VLAN) or the Modify button (if you are modifying an existing
VLAN) to save the change to the device’s running-config file.
11. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
June 2005 11 - 59
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• If the device does not have any protocol VLANs, the Protocol VLAN configuration panel is displayed, as
shown in the following example.
• If at least one protocol VLAN is already configured and you are adding a new one, click on the IP Subnet
link to display the IP Subnet Protocol VLAN configuration panel.
• If you are modifying an existing protocol VLAN, click on the Modify button to the right of the row
describing the VLAN to display the configuration panel for the type of VLAN you are modifying. The
following example shows the IP Subnet Protocol VLAN configuration dialog, used for configuring an IP
subnet protocol VLAN (not a protocol, IPX network, or AppleTalk cable VLAN).
5. Enter the VLAN ID that will contain the IP subnet VLAN in the VLAN ID field.
6. Enter a name for the VLAN in the Protocol_VLAN_Name field.
7. Select the virtual routing interface from the Router_Interface pulldown list if you configured a virtual routing
interface for routing into and out of the VLAN.
8. Enter the IP address of the VLAN in the IP_Address field.
9. Enter the network mask in the Mask field.
10. Specify the port that are members for the VLAN:
• Select Dynamic Port if you want the port membership to be dynamic. For information, see “Dynamic
Ports” on page 11-9.
• Click the Change Static Members button if you want to configure static ports. For information, see “Static
Ports” on page 11-10.
• Click the Change Exclude Members button if you want to explicitly exclude some ports. For information,
see “Excluded Ports” on page 11-10.
NOTE: All the ports must be members of the port-based VLAN that contains this IP subnet VLAN. See
“Layer 3 Protocol-Based VLANs” on page 11-3.
11. Click the Add button (if you are adding a new VLAN) or the Modify button (if you are modifying an existing
VLAN) to save the change to the device’s running-config file.
11 - 60 June 2005
Configuring Virtual LANs (VLANs)
12. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
5. Enter the VLAN ID that will contain the IPX network VLAN in the VLAN ID field.
6. Enter a name for the VLAN in the Protocol_VLAN_Name field.
7. Select the virtual routing interface from the Router_Interface pulldown list if you configured a virtual routing
interface for routing into and out of the VLAN.
8. Select the encapsulation type from the Frame_Type field’s pulldown list.
9. Enter the IPX network address of the VLAN in the Network field.
10. Specify the port that are members for the VLAN:
• Select Dynamic Port if you want the port membership to be dynamic. For information, see “Dynamic
Ports” on page 11-9.
• Click the Change Static Members button if you want to configure static ports. For information, see “Static
June 2005 11 - 61
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: All the ports must be members of the port-based VLAN that contains this IPX network VLAN. See
“Layer 3 Protocol-Based VLANs” on page 11-3.
11. Click the Add button (if you are adding a new VLAN) or the Modify button (if you are modifying an existing
VLAN) to save the change to the device’s running-config file.
12. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
5. Enter the VLAN ID that will contain the AppleTalk cable VLAN in the VLAN ID field.
6. Enter a name for the VLAN in the Protocol_VLAN_Name field.
7. Select the virtual routing interface from the Router_Interface pulldown list if you configured a virtual routing
interface for routing into and out of the VLAN.
11 - 62 June 2005
Configuring Virtual LANs (VLANs)
8. Select the AppleTalk cable ID from the AppleTalk Cable field’s pulldown list.
9. Specify the port that are members for the VLAN:
• Select Dynamic Port if you want the port membership to be dynamic. For information, see “Dynamic
Ports” on page 11-9.
• Click the Change Static Members button if you want to configure static ports. For information, see “Static
Ports” on page 11-10.
• Click the Change Exclude Members button if you want to explicitly exclude some ports. For information,
see “Excluded Ports” on page 11-10.
NOTE: All the ports must be members of the port-based VLAN that contains this AppleTalk cable VLAN.
See “Layer 3 Protocol-Based VLANs” on page 11-3.
10. Click the Add button (if you are adding a new VLAN) or the Modify button (if you are modifying an existing
VLAN) to save the change to the device’s running-config file.
11. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
NOTE: If a VLAN name begins with “GVRP_VLAN_“, the VLAN was created by the GARP VLAN Registration
Protocol (GVRP). If a VLAN name begins with “STATIC_VLAN_“, the VLAN was created by GVRP and then was
converted into a statically configured VLAN.
June 2005 11 - 63
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
11 - 64 June 2005
Configuring Virtual LANs (VLANs)
legend: [S=Slot]
June 2005 11 - 65
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
11 - 66 June 2005
Chapter 12
Configuring IP Multicast Traffic Reduction
ProCurve Routing Switches forward all IP multicast traffic by default based on the Layer 2 information in the
packets. Optionally, you can enable these HP devices to make forwarding decisions in hardware, based on
multicast group by enabling the IP Multicast Traffic Reduction feature.
When this feature is enabled, these HP devices examine the MAC address in an IP multicast packet and forward
the packet only on the ports from which the device has received Group Membership reports for that group, instead
of forwarding all multicast traffic to all ports. The device sends traffic for other groups out all ports.
When you enable IP Multicast Traffic Reduction, you also can configure the following features:
• IGMP mode – When you enable IP Multicast Traffic Reduction, the device passively listens for IGMP Group
Membership reports by default. If the multicast domain does not have a Routing Switch to send IGMP
queries to elicit these Group Membership reports, you can enable the device to actively send the IGMP
queries.
• Query interval – The query interval specifies how often the device sends Group Membership queries. This
query interval applies only to the active IGMP mode. The default is 60 seconds. You can change the interval
to a value from 10 – 600 seconds.
• Age interval – The age interval specifies how long an IGMP group can remain in the IGMP group table without
the device receiving a Group Membership report for the group. If the age interval expires before the device
receives another Group Membership report for the group, the device removes the entry from the table. The
default is 140 seconds. You can change the interval to a value from 10 – 1220 seconds.
• Forwarding policy – The device forwards all IP multicast traffic by default but you can enable the device to
forward IP multicast traffic only for groups for which the device has received a Group Membership report, and
drop traffic for all other groups.
The following sections describe how to configure IP multicast traffic reduction and PIM SM Traffic Snooping
parameters on an HP device.
NOTE: Beginning with software release 07.7.00, IP multicast traffic reduction and PIM SM Traffic Snooping is
available on Routing Switches.
June 2005 12 - 1
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
members based on entries in the IGMP table. Each entry in the table consists of MAC addresses and the HP
device ports from which the device has received Group Membership reports for that group.
By default, the device broadcasts traffic addressed to an IP multicast group that doesn’t have any entries in the
IGMP table. When you enable IP Multicast Traffic Reduction, the device determines the ports that are attached to
multicast group members based on entries in the IGMP table. The IGMP table entries are created when the VLAN
receives a group membership report for a group. Each entry in the table consists of an IP multicast group address
and the HP device ports from which the device has received Group Membership reports.
When the device receives traffic for an IP multicast group, the device looks in the IGMP table for an entry
corresponding to that group. If the device finds an entry, the device forwards the group traffic out the ports listed in
the corresponding entries, as long as the ports are members of the same VLAN. If the table does not contain an
entry corresponding to the group or if the port is a member of the default VLAN, the device broadcasts the traffic.
NOTE: When one or more HP devices are running Layer 2 IP Multicast Traffic reduction, configure one of the
devices for active IGMP and leave the other devices configured for passive IGMP. However, if the IP multicast
domain contains a multicast-capable Routing Switch, configure all the HP devices for passive IGMP and allow the
Routing Switch to actively send the IGMP queries.
NOTE: If the "route-only" feature is enabled on the Routing Switch, then IP Multicast Traffic Reduction will not be
supported.
NOTE: This feature is not supported on the default VLAN of Routing Switches.
To verify that IP Multicast Traffic Reduction is enabled, enter the following command at any level of the CLI:
ProCurveRS(config)# show ip multicast
IP multicast is enabled - Active
Syntax: show ip multicast
USING THE WEB MANAGEMENT INTERFACE
To enable IP Multicast Traffic Reduction on a device:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Select Enable next to IP Multicast.
3. Click the Apply button to save the change to the device’s running-config file.
4. Select the Save link at the bottom of the dialog, then select Yes when prompted to save the configuration
change to the startup-config file on the device’s flash memory.
12 - 2 June 2005
Configuring IP Multicast Traffic Reduction
multicast groups on the network and makes entries in the IGMP table based on the Group Membership
reports received from the network.
NOTE: Routing Switches in the network generally handle this operation. Use the active IGMP mode only
when the device is in a stand-alone network with no external IP multicast Routing Switch attachments. In this
case, enable the active IGMP mode on only one of the devices and leave the other devices configured for
passive IGMP mode.
• Passive – When passive IGMP mode is enabled, the device listens for IGMP Group Membership reports but
does not send IGMP queries. The passive mode is sometimes called “IGMP snooping”. Use this mode when
another device in the network is actively sending queries.
To set change the IGMP mode, use either of the following methods.
USING THE CLI
To enable active IGMP, enter the following command:
ProCurveRS(config)# ip multicast active
ProCurveRS(config)# write memory
ProCurveRS(config)# end
ProCurveRS# reload
Syntax: [no] ip multicast active | passive
To enable passive IGMP, enter the following command:
ProCurveRS(config)# ip multicast passive
ProCurveRS(config)# write memory
ProCurveRS(config)# end
ProCurveRS# reload
USING THE WEB MANAGEMENT INTERFACE
To change the IGMP mode:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Select Active or Passive next to IGMP.
3. Click the Apply button to save the change to the device’s running-config file.
4. Select the Save link at the bottom of the dialog, then select Yes when prompted to save the configuration
change to the startup-config file on the device’s flash memory.
By default, when you enable IP multicast on an HP device, all ports on the device are configured for IGMP. If you
are using active IGMP, all ports can send IGMP queries and receive IGMP reports. If you are using passive IGMP,
all ports can receive IGMP queries.
You can disable IGMP on individual ports if you want to block all IP multicast traffic on those ports. When you
disable IGMP on an individual port, the device does not forward any multicast traffic out the port, but other ports
can still send and receive multicast traffic.
To disable IGMP on a port, use the following CLI method.
June 2005 12 - 3
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: The query interval applies only to the active mode of IP Multicast Traffic reduction.
12 - 4 June 2005
Configuring IP Multicast Traffic Reduction
received, the device drops all multicast packets for groups other than the ones for which the device has received
the group membership report.
To enable IP multicast filtering, use the following CLI method.
USING THE CLI
To enable IP multicast filtering, enter the following command:
ProCurveRS(config)# ip multicast filter
Syntax: [no] ip multicast filter
USING THE WEB MANAGEMENT INTERFACE
You cannot configure this feature using the Web management interface.
NOTE: If the “route-only” feature is enabled on a Routing Switch, PINM SM traffic snooping will not be
supported.
Active The IP address of the device that actively sends IGMP queries.
Router Ports The ports that are connected to Routing Switches that support IP
multicast.
June 2005 12 - 5
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
If you want to display the amount of hardware resource that is currently being used by a specific group, enter a
command such as the following at any level of the CLI:
VLAN ID The port-based VLAN to which the information listed below applies.
G= Address of the IP multicast group that is using the entry. In the display
above, “XXX.0/128.1.22” means that either group XXX.0.1.22 or XXX
128.1.22 or both is using this entry.
The field ref_cnt shows the number of groups that are sharing this
entry. Multiple groups could share one entry because only low 23 bits
are significant.
Note: The fid and camindex values are used by HP Technical Support
for troubleshooting.
12 - 6 June 2005
Configuring IP Multicast Traffic Reduction
June 2005 12 - 7
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
VLAN ID The port-based VLAN to which the information listed below the VLAN
ID applies. Each port-based VLAN is a separate Layer 2 broadcast
domain.
Querier The IP address of the device that actively sends IGMP queries.
(port) The port on which the queries are being sent out.
Router Ports The ports that are connected to a Routing S witch that support IP
multicast.
Total Number of Multicast Group in The total number of groups for which the VLAN’s ports have received
VLAN IGMP group membership reports, join messages, or prune messages.
12 - 8 June 2005
Configuring IP Multicast Traffic Reduction
If you want to display PIM SM snooping information for one source or one group, enter a command as in the
following example. The command also displays the (source, port) list of the group.
VLAN ID The port-based VLAN to which the information listed below apply and
the number of members in the VLAN.
PIM SM Neighbor list The PIM SM routers that are attached to the ports in the VLAN.
The value following “expires” indicates how many seconds the will
wait for a hello message from the neighbor before determining that the
neighbor is no longer present and removing the neighbor from the list.
Forwarding Port The port(s) attached to the group’s receivers. A port is listed here
when it receives a join message for the group, an IGMP membership
report for the group, or both.
PIMv2 Group Port The port(s) on which the has received PIM SM join messages for the
group.
Source, Port list The IP address of each PIM SM source and the ports connected to
the receivers of the source.
June 2005 12 - 9
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
VLAN ID The port-based VLAN to which the information listed below the VLAN
ID applies. Each port-based VLAN is a separate Layer 2 broadcast
domain.
Active The IP address of the device that actively sends IGMP queries.
Router Ports The ports that are connected to Routing Witches that support IP
multicast.
12 - 10 June 2005
Configuring IP Multicast Traffic Reduction
Number of Multicast Group The total number of groups for which the VLAN’s ports have received
IGMP group membership reports, join messages, or prune messages.
IGMP Report Port The port(s) in this VLAN on which the has received IGMP group
membership reports for IP multicast groups.
Source, Port list The IP address of each IGMP source and the ports connected to the
receivers of the source.
You also can display PIM SM information on Routing Switches by entering the following command, at any level of
the CLI:
June 2005 12 - 11
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
VLAN ID The port-based VLAN to which the neighbors and groups listed below
the VLAN ID apply. Each port-based VLAN is a separate Layer 2
broadcast domain.
PIM SM Neighbor list The PIM SM routers that are attached to the ’s ports in the VLAN.
The value following “expires” indicates how many seconds the will
wait for a hello message from the neighbor before determining that the
neighbor is no longer present and removing the neighbor from the list.
Number of Multicast Group The total number of groups for which the VLAN’s ports have received
PIM join or prune messages and IGMP group membership reports.
Multicast Group The IP address of the multicast group. The "Num SG" entry indicates
how many Source to Group flows are created for that Multicast Group
as there can be more than one source for a given group.
Note: The fid and camindex values are used by HP Technical Support
for troubleshooting.
Forwarding Port The port(s) attached to the group’s receivers. A port is listed here
when it receives a join message for the group, an IGMP membership
report for the group, or both.
PIMv2 Group Port The port(s) on which the has received PIM SM join messages for the
group.
Source, Port list The IP address of each PIM SM source and the ports connected to
the receivers of the source.
SG join ports: Ports from which a join message was received. The forwards the
traffic only on this port.
(S, G) age The actual aging value. If this entry shows the value 0 seconds,
software age value is still 0 and the flow is programmed in the CAM. If
the entry shows a value other than 0 seconds, then the CAM entry
has aged out and the software aging has begun. Once this age value
reaches the Group Age value the entry will be deleted from the table.
Group age value can be can be from 10 – 1220 seconds. The default
is 140 seconds.
VLAN ID 1
Reports Received: 34
Leaves Received: 21
General Queries Received: 60
Group Specific Queries Received: 2
Others Received: 0
General Queries Sent: 0
Group Specific Queries Sent: 0
12 - 12 June 2005
Configuring IP Multicast Traffic Reduction
VLAN ID 2
Reports Received: 0
Leaves Received: 0
General Queries Received: 60
Group Specific Queries Received: 2
Others Received: 0
General Queries Sent: 0
Group Specific Queries Sent: 0
The command in this example shows statistics for two port-based VLANs.
Syntax: show ip multicast statistics
# show ip multicast
IP multicast is enabled - Active
VLAN ID 1
Active 192.168.2.30 Router Ports 4/13
Multicast Group: 239.255.162.5, Port: 4/4 4/13
Multicast Group: 239.255.162.4, Port: 4/10 4/13
# show ip multicast
IP multicast is enabled - Active
VLAN ID 1
Active 192.168.2.30 Router Ports 4/13
To clear the learned IGMP flows for a specific IP multicast group, enter a command such as the following:
ProCurveRS# clear ip multicast group 239.255.162.5
June 2005 12 - 13
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
The following example shows how to clear the IGMP flows for a specific group and retain reports for other groups.
12 - 14 June 2005
Chapter 13
Configuring
GARP VLAN Registration Protocol (GVRP)
GARP VLAN Registration Protocol (GVRP) is a Generic Attribute Registration Protocol (GARP) application that
provides VLAN registration service by means of dynamic configuration (registration) and distribution of VLAN
membership information.
An HP device enabled for GVRP can do the following:
• Learn about VLANs from other HP devices and configure those VLANs on the ports that learn about the
VLANs. The device listens for GVRP Protocol Data Units (PDUs) from other devices, and implements the
VLAN configuration information in the PDUs.
• Advertise VLANs configured on the device to other HP devices. The device sends GVRP PDUs advertising
its VLANs to other devices. GVRP advertises statically configured VLANs and VLANs learned from other
devices through GVRP.
GVRP enables an HP device to dynamically create 802.1Q-compliant VLANs on links with other devices that are
running GVRP. GVRP reduces the chances for errors in VLAN configuration by automatically providing VLAN ID
consistency across the network. You can use GVRP to propagate VLANs to other GVRP-aware devices
automatically, without the need to manually configure the VLANs on each device. In addition, if the VLAN
configuration on a device changes, GVRP automatically changes the VLAN configurations of the affected devices.
The HP implementation of GARP and GVRP is based on the following standards:
• ANSI/IEEE standard 802.1D, 1998 edition
• IEEE standard 802.1Q, 1998 edition; approved December 8, 1998
• IEEE draft P802.1w/D10, March 26, 2001
• IEEE draft P802.1u/D9, November 23, 2000
• IEEE draft P802.1t/D10, November 20, 2000
Application Examples
Figure 13.1 shows an example of a network that uses GVRP. This section describes various ways you can use
GVRP in a network such as this one. “CLI Examples” on page 13-17 lists the CLI commands to implement the
applications of GVRP described in this section.
June 2005 13 - 1
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Core Device
Port 4/1
Edge Device C
In this example, a core device is attached to three edge devices. Each of the edge devices is attached to other
edge devices or host stations (represented by the clouds).
The effects of GVRP in this network depend on which devices the feature is enabled on, and whether both
learning and advertising are enabled. In this type of network (a core device and edge devices), you can have the
following four combinations:
• Dynamic core and fixed edge
• Dynamic core and dynamic edge
• Fixed core and dynamic edge
• Fixed core and fixed edge
13 - 2 June 2005
Configuring GARP VLAN Registration Protocol (GVRP)
GVRP is enabled on all GVRP is enabled on port GVRP is enabled on port GVRP is enabled on port
ports. 4/24. Learning is 4/1. Learning is disabled. 4/1. Learning is disabled.
disabled.
Both learning and VLAN 20 VLAN 30
advertising are enabled. VLAN 20
Port 2/24 (untagged) Port 2/24 (untagged)
Note: Since learning is Port 2/1 (untagged)
Port 4/1 (tagged) Port 4/1 (tagged)
disabled on all the edge
Port 4/24 (tagged)
devices, advertising on VLAN 30 VLAN 40
the core device has no VLAN 40
effect in this Port 4/24 (untagged) Port 4/24 (untagged)
configuration. Port 4/1 (untagged)
Port 4/1 (tagged) Port 4/1 (tagged)
Port 4/24 (tagged)
In this configuration, the edge devices are statically (manually) configured with VLAN information. The core
device dynamically configures itself to be a member of each of the edge device’s VLANs. The operation of GVRP
on the core device results in the following VLAN configuration on the device:
• VLAN 20
• 1/24 (tagged)
• 6/24 (tagged)
• VLAN 30
• 6/24 (tagged)
• 8/17 (tagged)
• VLAN 40
• 1/24 (tagged)
• 8/17 (tagged)
VLAN 20 traffic can now travel through the core between edge devices A and B. Likewise, VLAN 30 traffic can
travel between B and C and VLAN 40 traffic can travel between A and C. If an edge device is moved to a different
core port or the VLAN configuration of an edge device is changed, the core device automatically reconfigures itself
to accommodate the change.
Notice that each of the ports in the dynamically created VLANs is tagged. All GVRP VLAN ports configured by
GVRP are tagged, to ensure that the port can be configured for additional VLANs.
NOTE: This example assumes that the core device has no static VLANs configured. However, you can have
static VLANs on a device that is running GVRP. GVRP can dynamically add other ports to the statically configured
VLANs but cannot delete statically configured ports from the VLANs.
June 2005 13 - 3
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
VLAN Names
The show vlans command lists VLANs created by GVRP as “GVRP_VLAN_<vlan-id>”. VLAN names for
statically configured VLANs are not affected. To distinguish between statically-configured VLANs that you add to
the device and VLANs that you convert from GVRP-configured VLANs into statically-configured VLANs, the show
vlans command displays a converted VLAN’s name as “STATIC_VLAN_<vlan-id>”.
Configuration Considerations
• If you disable GVRP, all GVRP configuration information is lost if you save the configuration change (write
memory command) and then reload the software. However, if you reload the software without first saving the
configuration change, the GVRP configuration is restored following a software reload.
• The maximum number of VLANS supported on a device enabled for GVRP is the same as the maximum
number on a device that is not enabled for GVRP.
• To display the maximum number of VLANs allowed on your device, enter the show default values
command. See the “vlan” row in the System Parameters section. Make sure you allow for the default
VLAN (1), the GVRP base VLAN (4093), and the Single STP VLAN (4094). These VLANs are
maintained as “Registration Forbidden” in the GVRP database. Registration Forbidden VLANs cannot
be advertised or learned by GVRP.
• To increase the maximum number of VLANs supported on the device, enter the system-max vlan
<num> command at the global CONFIG level of the CLI, then save the configuration and reload the
software. The maximum number you can specify is listed in the Maximum column of the show default
values display.
• The default VLAN (VLAN 1) is not advertised by the HP implementation of GVRP. The default VLAN contains
all ports that are not members of statically configured VLANs or VLANs enabled for GVRP.
NOTE: The default VLAN has ID 1 by default. You can change the VLAN ID of the default VLAN, but only
before GVRP is enabled. You cannot change the ID of the default VLAN after GVRP is enabled.
• Single STP must be enabled on the device. HP’s implementation of GVRP requires Single STP. If you do not
have any statically configured VLANs on the device, you can enable Single STP as follows:
ProCurveRS(config)# vlan 1
ProCurveRS(config-vlan-1)# exit
ProCurveRS(config)# span
ProCurveRS(config)# span single
These commands enable configuration of the default VLAN (VLAN 1), which contains all the device’s ports,
and enable STP and Single STP.
• All VLANs that are learned dynamically through GVRP are added to the single spanning tree.
• All ports that are enabled for GVRP become tagged members of the GVRP base VLAN (4093). If you need to
use this VLAN ID for another VLAN, you can change the GVRP VLAN ID. See “Changing the GVRP Base
VLAN ID” on page 13-5. The software adds the GVRP base VLAN to the single spanning tree.
13 - 4 June 2005
Configuring GARP VLAN Registration Protocol (GVRP)
NOTE: If you plan to change the GVRP base VLAN ID (4093) or the maximum configurable value for the
Leaveall timer (300000 ms by default), you must do so before you enable GVRP.
Configuring GVRP
To configure a device for GVRP, globally enable support for the feature, then enable the feature on specific ports.
Optionally, you can disable VLAN learning or advertising on specific interfaces.
You also can change the protocol timers and change the GVRP base VLAN ID.
NOTE: If you want to change the GVRP base VLAN ID, you must do so before enabling GVRP.
To change the GVRP base VLAN ID, enter a command such as the following at the global CONFIG level of the
CLI:
ProCurveRS(config)# gvrp-base-vlan-id 1001
This command changes the GVRP VLAN ID from 4093 to 1001.
Syntax: [no] gvrp-base-vlan-id <vlan-id>
The <vlan-id> parameter specifies the new VLAN ID. You can specify a VLAN ID from 2 – 4092 or 4095.
June 2005 13 - 5
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: You must enter this command before enabling GVRP. Once GVRP is enabled, you cannot change the
maximum Leaveall timer value.
NOTE: This command does not change the default value of the Leaveall timer itself. The command only
changes the maximum value to which you can set the Leaveall timer.
To increase the maximum value you can specify for the Leaveall timer, enter a command such as the following at
the global CONFIG level of the CLI:
ProCurveRS(config)# gvrp-max-leaveall-timer 1000000
Syntax: [no] gvrp-max-leaveall-timer <ms>
The <ms> parameter specifies the maximum number of ms to which you can set the Leaveall timer. You can
specify from 300000 – 1000000 (one million) ms. The value must be a multiple of 100 ms. The default is 300000
ms.
Enabling GVRP
To enable GVRP, enter commands such as the following at the global CONFIG level of the CLI:
ProCurveRS(config)# gvrp-enable
ProCurveRS(config-gvrp)# enable all
The first command globally enables support for the feature and changes the CLI to the GVRP configuration level.
The second command enables GVRP on all ports on the device.
The following command enables GVRP on ports 1/24, 6/24, and 8/17:
ProCurveRS(config-gvrp)# enable ethernet 1/24 ethernet 6/24 ethernet 8/17
Syntax: [no] gvrp-enable
Syntax: [no] enable all | ethernet <portnum> [ethernet <portnum> | to <portnum>]
The all parameter enables GVRP on all ports.
The ethernet <portnum> [ethernet <portnum> | to <portnum>] parameter enables GVRP on the specified list or
range of Ethernet ports.
• To specify a list, enter each port as ethernet <portnum> followed by a space. For example, to enable GVRP
on three Ethernet ports, enter the following command: enable ethernet 1/24 ethernet 6/24 ethernet 8/17
• To specify a range, enter the first port in the range as ethernet <portnum> followed by to followed by the last
port in the range. For example, to add ports 1/1 – 1/8, enter the following command: enable ethernet 1/1 to
1/8
You can combine lists and ranges in the same command. For example: enable ethernet 1/1 to 1/8 ethernet 1/24
ethernet 6/24 ethernet 8/17
13 - 6 June 2005
Configuring GARP VLAN Registration Protocol (GVRP)
NOTE: The port still advertises VLAN information unless you also disable VLAN advertising.
NOTE: When all ports in a dynamically created VLAN (one learned through GVRP) leave the VLAN, the
VLAN is immediately deleted from the device's VLAN database. However, this empty VLAN is still maintained
in the GVRP database for an amount of time equal to the following:
(number-of-GVRP-enabled-up-ports) * (2 * join-timer)
While the empty VLAN is in the GVRP database, the VLAN does not appear in the show vlans display but
does still appear in the show gvrp vlan all display.
• Leaveall – The minimum interval at which GVRP sends Leaveall messages on all GVRP interfaces. Leaveall
messages ensure that the GVRP VLAN membership information is current by aging out stale VLAN
information and adding information for new VLAN memberships, if the information is missing. A Leaveall
message instructs the port to change the GVRP state for all its VLANs to Leaving, and remove them unless a
Join message is received before the Leave timer expires. By default, you can set the Leaveall timer to a value
from five times the Leave timer – maximum value allowed by software (configurable from 300000 – 1000000
ms). The default is 10000.
NOTE: The actual interval is a random value between the Leaveall interval and 1.5 * the Leaveall time or the
maximum Leaveall time, whichever is lower.
NOTE: You can increase the maximum configurable value of the Leaveall timer from 300000 ms up to
1000000 ms using the gvrp-max-leaveall-timer command. (See “Increasing the Maximum Configurable
Value of the Leaveall Timer” on page 13-6.)
June 2005 13 - 7
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: When you enter this command, all the running GVRP timers are canceled and restarted using the new
times specified by the command.
13 - 8 June 2005
Configuring GARP VLAN Registration Protocol (GVRP)
NOTE: After you convert the VLAN, the VLAN name changes from “‘GVRP_VLAN_<vlan-id>“ to
“STATIC_VLAN_<vlan-id>“.
===========================================================================
Configuration that is being used:
===========================================================================
===========================================================================
===========================================================================
June 2005 13 - 9
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Protocol state The state of GVRP. The display shows one of the following:
• GVRP is disabled on the system
• GVRP is enabled on the system
GVRP MAX Leaveall Timer The maximum number of ms to which you can set the Leaveall timer.
Note: To change the maximum value, see “Increasing the Maximum
Configurable Value of the Leaveall Timer” on page 13-6.
Configuration that is being used The configuration commands used to enable GVRP on individual
ports. If GVRP learning or advertising is disabled on a port, this
information also is displayed.
Dropped Packets Count The number of GVRP packets that the device has dropped. A GVRP
packet can be dropped for either of the following reasons:
• GVRP packets are received on a port on which GVRP is not
enabled.
Note: If GVRP support is not globally enabled, the device does
not drop the GVRP packets but instead forwards them at Layer 2.
• GVRP packets are received with an invalid GARP Protocol ID.
The protocol ID must always be 0x0001.
Number of VLANs in the GVRP The number of VLANs in the GVRP database.
Database
Note: This number includes the default VLAN (1), the GVRP base
VLAN (4093), and the single STP VLAN (4094). These VLANs are
not advertised by GVRP but are maintained as “Registration
Forbidden”.
Maximum Number of VLANs that can The maximum number of VLANs that can be configured on the
be present device. This number includes statically configured VLANs, VLANs
learned through GVRP, and VLANs 1, 4093, and 4094.
To change the maximum number of VLANs the device can have, use
the system-max vlan <num> command. See “Displaying and
Modifying System Parameter Default Settings” on page 6-43.
13 - 10 June 2005
Configuring GARP VLAN Registration Protocol (GVRP)
To display detailed GVRP information for an individual port, enter a command such as the following:
GVRP Learning Whether the port can learn VLAN information from GVRP.
GVRP Applicant Whether the port can advertise VLAN information into GVRP.
June 2005 13 - 11
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Table 13.2: CLI Display of Detailed GVRP Information for a Port (Continued)
VLAN Membership The VLANs of which the port is a member. For each VLAN, the
following information is shown:
• VLAN ID – The VLAN’s ID.
• Mode – The type of VLAN, which can be one of the following:
• FIXED – The port will always be a member of this VLAN and
the VLAN will always be advertised on this port by GVRP. A
port becomes FIXED when you configure the port as a
tagged member of a statically configured VLAN.
• FORBIDDEN – The VLAN is one of the special VLANs that is
not advertised or learned by GVRP. In the current release,
the following VLANs are forbidden: the default VLAN (1), the
GVRP base VLAN (4093), or the Single STP VLAN (4094).
• NORMAL – The port became a member of this VLAN after
learning about the VLAN through GVRP. The port’s
membership in the VLAN depends on GVRP. If the VLAN is
removed from the ports that send GVRP advertisements to
this device, then the port will stop being a member of the
VLAN.
1 STATIC-DEFAULT 0
7 STATIC 2
11 STATIC 4
1001 DYNAMIC 7
1003 DYNAMIC 8
4093 STATIC-GVRP-BASE-VLAN 6
4094 STATIC-SINGLE-SPAN-VLAN 5
===========================================================================
13 - 12 June 2005
Configuring GARP VLAN Registration Protocol (GVRP)
Number of VLANs in the GVRP The number of VLANs in the GVRP database.
Database
Note: This number includes the default VLAN (1), the GVRP base
VLAN (4093), and the single STP VLAN (4094). These VLANs are
not advertised by GVRP but are included in the total count.
Maximum Number of VLANs that can The maximum number of VLANs that can be configured on the
be present device. This number includes statically configured VLANs, VLANs
learned through GVRP, and VLANs 1, 4093, and 4094.
To change the maximum number of VLANs the device can have, use
the system-max vlan <num> command. See “Displaying and
Modifying System Parameter Default Settings” on page 6-43.
To display detailed information for a specific VLAN, enter a command such as the following:
June 2005 13 - 13
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Table 13.4: CLI Display of Summary VLAN Information for GVRP (Continued)
Timer to Delete Entry Running Whether all ports have left the VLAN and the timer to delete the VLAN
itself is running. The timer is described in the note for the Leave timer
in “Changing the GVRP Timers” on page 13-7.
Legend The meanings of the letter codes used in other parts of the display.
Forbidden Members The ports that cannot become members of a VLAN advertised or
leaned by GVRP.
Fixed Members The ports that are statically configured members of the VLAN. GVRP
cannot remove these ports.
Normal(Dynamic) Members The ports that were added by GVRP. These ports also can be
removed by GVRP.
To display detailed information for all VLANs, enter the show gvrp vlan all command.
13 - 14 June 2005
Configuring GARP VLAN Registration Protocol (GVRP)
Invalid Messages/Attributes Skipped The number of invalid messages or attributes received or skipped.
This can occur in the following cases:
• The incoming GVRP PDU has an incorrect length.
• "End of PDU" was reached before the complete attribute could be
parsed.
• The Attribute Type of the attribute that was being parsed was not
the GVRP VID Attribute Type (0x01).
• The attribute that was being parsed had an invalid attribute
length.
• The attribute that was being parsed had an invalid GARP event.
• The attribute that was being parsed had an invalid VLAN ID. The
valid range is 1 – 4095.
Failed Registrations The number of failed registrations that have occurred. A failed
registration can occur for the following reasons:
• Join requests were received on a port that was blocked from
learning dynamic VLANs (GVRP Blocking state).
• An entry for a new GVRP VLAN could not be created in the
GVRP database.
To display GVRP statistics for all ports, enter the show gvrp statistics all command.
June 2005 13 - 15
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
To display CPU utilization statistics for GVRP for the previous one-second, one-minute, five-minute, and fifteen-
minute intervals, enter the following command at any level of the CLI:
If the software has been running less than 15 minutes (the maximum interval for utilization statistics), the
command indicates how long the software has been running. Here is an example:
To display utilization statistics for a specific number of seconds, enter a command such as the following:
When you specify how many seconds’ worth of statistics you want to display, the software selects the sample that
most closely matches the number of seconds you specified. In this example, statistics are requested for the
previous two seconds. The closest sample available is actually for the previous 1 second plus 80 milliseconds.
Syntax: show process cpu [<num>]
The <num> parameter specifies the number of seconds and can be from 1 – 900. If you use this parameter, the
command lists the usage statistics only for the specified number of seconds. If you do not use this parameter, the
command lists the usage statistics for the previous one-second, one-minute, five-minute, and fifteen-minute
intervals.
13 - 16 June 2005
Configuring GARP VLAN Registration Protocol (GVRP)
CLI Examples
The following sections show the CLI commands for implementing the applications of GVRP described in
“Application Examples” on page 13-1.
NOTE: Although some of the devices in these configuration examples do not have statically configured VLANs,
this is not a requirement. You always can have statically configured VLANs on a device that is running GVRP.
June 2005 13 - 17
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
ProCurveRS(config)# gvrp-enable
ProCurveRS(config-gvrp)# enable all
These commands globally enable GVRP support and enable the protocol on all ports.
Enter the following commands on edge device A:
ProCurveRS> enable
ProCurveRS# configure terminal
ProCurveRS(config)# vlan 20
ProCurveRS(config-vlan-20)# untag ethernet 2/1
ProCurveRS(config-vlan-20)# tag ethernet 4/24
ProCurveRS(config-vlan-20)# vlan 40
ProCurveRS(config-vlan-40)# untag ethernet 2/1
ProCurveRS(config-vlan-40)# tag ethernet 4/24
ProCurveRS(config-vlan-40)# exit
ProCurveRS(config)# gvrp-enable
ProCurveRS(config-gvrp)# enable ethernet 4/24
ProCurveRS(config-gvrp)# block-learning ethernet 4/24
These commands statically configure two port-based VLANs, enable GVRP on port 4/24, and block GVRP
learning on the port. The device will advertise the VLANs but will not learn VLANs from other devices.
Enter the following commands on edge device B:
ProCurveRS> enable
ProCurveRS# configure terminal
ProCurveRS(config)# vlan 20
ProCurveRS(config-vlan-20)# untag ethernet 2/24
ProCurveRS(config-vlan-20)# tag ethernet 4/1
ProCurveRS(config-vlan-20)# vlan 30
ProCurveRS(config-vlan-30)# untag ethernet 4/24
ProCurveRS(config-vlan-30)# tag ethernet 4/1
ProCurveRS(config-vlan-30)# exit
ProCurveRS(config)# gvrp-enable
ProCurveRS(config-gvrp)# enable ethernet 4/1
ProCurveRS(config-gvrp)# block-learning ethernet 4/1
Enter the following commands on edge device C:
ProCurveRS> enable
ProCurveRS# configure terminal
ProCurveRS(config)# vlan 30
ProCurveRS(config-vlan-30)# untag ethernet 2/24
ProCurveRS(config-vlan-30)# tag ethernet 4/1
ProCurveRS(config-vlan-20)# vlan 40
ProCurveRS(config-vlan-40)# untag ethernet 4/24
ProCurveRS(config-vlan-40)# tag ethernet 4/1
ProCurveRS(config-vlan-40)# exit
ProCurveRS(config)# gvrp-enable
ProCurveRS(config-gvrp)# enable ethernet 4/1
ProCurveRS(config-gvrp)# block-learning ethernet 4/1
13 - 18 June 2005
Configuring GARP VLAN Registration Protocol (GVRP)
June 2005 13 - 19
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
13 - 20 June 2005
Chapter 14
Enabling the FDP and Reading
Cisco Discovery Protocol (CDP) Packets
Using FDP
FDP enables ProCurve Routing Switches to advertise themselves to other ProCurve Routing Switches on the
network. When you enable FDP on an HP device, the device periodically advertises information including the
following:
• Hostname (device ID)
• Product platform and capability
• Software version
• VLAN and Layer 3 protocol address information for the port sending the update. IP, IPX, and AppleTalk
Layer 3 information is supported.
An HP device running FDP sends FDP updates on Layer 2 to MAC address 01-E0-52-CC-CC-CC. Other HP
devices listening on that address receive the updates and can display the information in the updates. HP devices
can send and receive FDP updates on Ethernet.
FDP is disabled by default.
NOTE: If FDP is not enabled on an HP device that receives an FDP update or the device is running a software
release that does not support FDP, the update passes through the device at Layer 2.
Configuring FDP
The following sections describe how to enable FDP and how to change the FDP update and hold timers.
Enabling FDP Globally
To enable an HP device to globally send FDP packets, enter the following command at the global CONFIG level of
the CLI:
ProCurveRS(config)# fdp run
Syntax: [no] fdp run
The feature is disabled by default.
Enabling FDP at the Interface Level
Starting in software release 07.6.04, you can enable FDP at the interface level by entering commands such as the
following:
June 2005 14 - 1
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: If the HP device has intercepted CDP updates, then the CDP information is also displayed.
14 - 2 June 2005
Enabling the FDP and Reading Cisco Discovery Protocol (CDP) Packets
Local Int The interface on which this HP device received an FDP or CDP
update for the neighbor.
Holdtm The maximum number of seconds this device can keep the
information received in the update before discarding it.
Port ID The interface through which the neighbor sent the update.
June 2005 14 - 3
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
The show fdp neighbor detail command displays the following information.
Device ID The hostname of the neighbor. In addition, this line lists the VLAN
memberships and other VLAN information for the neighbor port that
sent the update to this device.
Entry address(es) The Layer 3 protocol addresses configured on the neighbor port that
sent the update to this device.
Port ID The interface through which the neighbor sent the update.
Holdtime The maximum number of seconds this device can keep the
information received in the update before discarding it.
14 - 4 June 2005
Enabling the FDP and Reading Cisco Discovery Protocol (CDP) Packets
This example shows information for Ethernet port 2/3. The port sends FDP updates every 5 seconds. Neighbors
that receive the updates can hold them for up to 180 seconds before discarding them.
Syntax: show fdp interface [ethernet <portnum>]
The ethernet <portnum> parameter lists the information only for the specified interface.
Displaying FDP and CDP Statistics
To display FDP and CDP packet statistics, enter the following command:
NOTE: This command clears all the updates for FDP and CDP.
NOTE: The HP device can interpret only the information fields that are common to both CDP version 1 and CDP
version 2.
June 2005 14 - 5
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: When you enable interception of CDP packets, the HP device drops the packets. As a result, Cisco
devices will no longer receive the packets.
14 - 6 June 2005
Enabling the FDP and Reading Cisco Discovery Protocol (CDP) Packets
To display detailed information for the neighbors, enter the following command:
To display information about a neighbor attached to a specific port, enter a command such as the following:
June 2005 14 - 7
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
To display CDP entries for a specific device, specify the device ID. Here is an example.
14 - 8 June 2005
Chapter 15
Updating Software Images and
Configuration Files
This chapter describes how to copy and save configuration files and software image files.
NOTE: If you are attempting to transfer a file using TFTP but have received an error message, see “Diagnostic
Error Codes and Remedies for TFTP Transfers” on page 18-26.
June 2005 15 - 1
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
15 - 2 June 2005
Updating Software Images and Configuration Files
10 Gigabit Ethernet The Gigabit Ethernet modules do not have The modules do not have flash code
modules boot code separate from the management separate from the management module.
module. However, they do have Field- However, they do have Field-
Programmable Gate Arrays (FPGAs). Programmable Gate Arrays (FPGAs).
See the next column.
To determine the versions that are running
on the modules, enter the show flash
command. The version information is
listed separately for each 10 Gigabit
Ethernet module in the chassis.
NOTE: This section applies to software releases 07.6.04 and later. For upgrade information regarding a specific
software release, see the release notes for that release.
Beginning with release 07.6.04, a new and improved compression algorithm is used to generate flash code
images. The new compression algorithm allows the software images to contain more features. Boot code version
07.6.04 and later knows how to decompress and load the new images. Boot code versions earlier than 07.6.04 do
not know how to decompress and load the new images. In addition, flash code versions 07.6.04 and later know
how to copy images that use the new compression method to flash memory. Earlier versions do not.
(To determine which boot code version is running on your device, use the show flash command. The line that
begins “Boot Image size” lists the boot code version, at the end of the line.)
If you are upgrading your device from flash code release 07.6.01b or earlier to release 07.6.04, you must first
upgrade the management module’s boot code to version 07.6.04 or later. In addition, you must use flash code
release 07.6.01b or later to copy the 07.6.04 flash code image file to flash memory.
To summarize, if you are upgrading from a pre-07.6.01b release to release 07.6.04 or later:
1. Upgrade the boot code on the management module to version 07.6.04.
2. Upgrade the flash code on the management module to version 07.6.01b, then reload the software.
3. Upgrade the flash code on the management module to version 07.6.04, then reload the software.
If you are upgrading from release 07.6.01b to release 07.6.04 or higher:
1. Upgrade the boot code on the management module to version 07.6.04.
2. Upgrade the flash code on the management module to version 07.6.04, then reload the software.
June 2005 15 - 3
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: HP devices are TFTP clients but not TFTP servers. You must perform the TFTP transaction from the HP
device. You cannot “put” a file onto the HP device using the interface of your TFTP server.
NOTE: If you are upgrading redundant management modules, the flash code is automatically copied from the
active management module to the standby module when you reload. However, the boot code is not automatically
copied. See “File Synchronization Between the Active and Standby Redundant Management Modules” on
page 3-11.
15 - 4 June 2005
Updating Software Images and Configuration Files
• reload (this command boots from the default boot source, which is the primary flash area by default)
• boot system flash primary | secondary
NOTE: When you reload the software after upgrading the flash code, the device displays a message stating
that the configuration has changed and asking whether you want to save the changes. This occurs even if
you do not make any configuration changes. The message occurs because the flash code places its version
number in the device's running-config when you load the code onto the device. You can select either to
reload without saving the configuration change or save the change and reload. If the only change to the
running-config is the flash code version number, then your choice does not affect the operation of the device.
NOTE: The MP and TSP flash code must have the same version number. Otherwise, the TSP functions are
disabled. You can display the version numbers of the MP and TSPs by entering the show vm-state command.
Also, if the version numbers are different, the command output displays a message.
NOTE: If you are upgrading from a TFTP server, make sure the chassis has network (IP) access to the server.
NOTE: If you are upgrading redundant management modules, the flash code is automatically copied from the
active management module to the standby module when you reload. However, the boot code is not automatically
copied. See “File Synchronization Between the Active and Standby Redundant Management Modules” on
page 3-11.
NOTE: When you reload the software after upgrading the flash code, the device displays a message stating that
the configuration has changed and asking whether you want to save the changes. This occurs even if you do not
make any configuration changes. The message occurs because the flash code places its version number in the
device's running-config when you load the code onto the device. You can select either to reload without saving the
configuration change or save the change and reload. If the only change to the running-config is the flash code
version number, then your choice does not affect the operation of the device.
June 2005 15 - 5
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
15 - 6 June 2005
Updating Software Images and Configuration Files
To copy the flash code from the primary flash to the secondary flash for each of the TSPs on the module, enter a
command such as the following:
ProCurveRS# vm copy flash flash secondary
Syntax: vm copy tftp flash <tftp-server-ip-addr> <image-file-name> primary | secondary
Syntax: vm copy flash flash primary | secondary
The primary and secondary parameters identify either the primary or secondary flash on the TSPs. For each
command, the parameter specifies the destination of the copy operation.
USING THE WEB MANAGEMENT INTERFACE
This procedure is not supported in the Web management interface.
NOTE: The write memory command saves the change to the startup-config file. You must save the
configuration change for the change to remain in effect after you reboot.
June 2005 15 - 7
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: You cannot select the interactive option using the Web management interface. To select this option,
use the CLI.
6. To specify a secondary boot source, go to step 5. The device tries the boot sources in the order you specify
them.
7. Select Add to add the change to the device’s running-config.
8. If you want the change to remain in effect following the next system reload, select the Save link to save the
configuration change to the startup-config file.
NOTE: In software releases earlier than 07.5.0.xx, the SNMP agent does not check for type validity with the
SNMP version. In software release 07.5.xx and above, the SNMP agent does not send a reply for a varbind, if the
type of the varbind is not a known type for that version of SNMP. For example, MIB objects of type Counter64
cannot be retrieved using a v1 packet, as Counter64 is a v2c and v3 type.
NOTE: Make sure you use the correct procedure for your device and processor type. For example, do not use
the Management Processor procedure to upgrade the Switching Processors on a module.
NOTE: The syntax shown in this section assumes that you have installed HP OpenView in the “/usr” directory.
NOTE: HP recommends that you make a backup copy of the startup-config file before you upgrade the software.
If you need to run an older release, you will need to use the backup copy of the startup-config file.
no snmp-server pw-check
15 - 8 June 2005
Updating Software Images and Configuration Files
This command disables password checking for SNMP set requests. If a third-party SNMP management
application does not add a password to the password field when it sends SNMP set requests to an HP device,
by default the HP device rejects the request.
3. From the command prompt in the UNIX shell, enter the following command:
<slotnum> is the slot that contains the module you are upgrading. To upgrade all modules of the type you
specified, enter 0 (zero):
24 – Download the flash code into the device’s primary flash area.
25 – Download the flash code into the device’s secondary flash area.
June 2005 15 - 9
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: If the value you enter is one of the valid powers of two for this parameter, the software still rounds the
value up to the next valid power of two. Thus, if you enter 2048, the software rounds the value up to 4096.
Rebooting
You can use boot commands to immediately initiate software boots from a software image stored in primary or
secondary flash on a ProCurve Routing Switch or from a BootP or TFTP server. You can test new versions of
code on a Routing Switch or choose the preferred boot source from the console boot prompt without requiring a
system reset.
NOTE: It is very important that you verify a successful TFTP transfer of the boot code before you reset the
system. If the boot code is not transferred successfully but you try to reset the system, the system will not have
the boot code with which to successfully boot.
By default, the Routing Switch first attempts to boot from the image stored in its primary flash, then its secondary
flash, and then from a TFTP server. You can modify this booting sequence at the global CONFIG level of the CLI
using the boot system… command.
USING THE CLI
To initiate an immediate boot from the CLI, enter one of the boot system… commands as described in the
Command Line Interface Reference for ProCurve 9300/9400 Series Routing Switches.
USING THE WEB MANAGEMENT INTERFACE
To initiate an immediate boot from the primary boot source:
1. Click on the plus sign next to Command in the tree view to expand the list of command options.
2. Select the Reload option.
3. Select Yes when the Web management interface asks you whether you really want to reload.
To initiate an immediate boot from a boot source other than the primary boot source:
1. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
2. Click on the plus sign next to System in the tree view to expand the list of system configuration options.
15 - 10 June 2005
Updating Software Images and Configuration Files
4. If the boot source with sequence 1 (the primary boot source) listed in the Boot Sequence List is the boot
source you want to use for the reload, use the procedure above. The device will use this boot source first.
Otherwise, go to the next step.
5. If the boot source with sequence 1 is not the boot source you want to use, select the boot source that is listed
as the primary source, then click Delete.
6. Click the boot source you want to use as the primary source. If you select TFTP server, enter the server’s IP
address and the image file name you want the device to download from the server.
7. Click the Apply button to save the change to the device’s running-config file.
8. Click the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to
the startup-config file on the device’s flash memory.
9. Click on the plus sign next to Command in the tree view to expand the list of command options.
10. Select the Reload option.
11. Select Yes when the Web management interface asks you whether you really want to reload.
NOTE: While TFTP transfers are in process, a red bar labeled “processing” is displayed on the screen. When
the TFTP transfer is actively transferring image or configuration data, a green bar labeled 'loading' is displayed.
When a successful transfer is complete, the message “TFTP transfer complete” is displayed.
If a problem with the transfer occurs, one of the error codes listed in “Diagnostic Error Codes and Remedies for
TFTP Transfers” on page 18-26 is displayed.
June 2005 15 - 11
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
• Running configuration file – This file contains the configuration active in the system RAM but not yet saved
to flash. These changes could represent a short-term requirement or general configuration change. To
display this file, enter the show running-config or write terminal command at any CLI prompt.
Each device can have one startup configuration file and one running configuration file. The startup configuration
file is shared by both flash modules. The running configuration file resides in DRAM.
When you load the startup-config file, the CLI parses the file three times.
1. During the first pass, the parser searches for system-max commands. A system-max command changes
the size of statically configured memory.
2. During the second pass, the parser implements the system-max commands if present and also implements
trunk configuration commands (trunk command) if present.
3. During the third pass, the parser implements the remaining commands.
15 - 12 June 2005
Updating Software Images and Configuration Files
If the startup-config file was modified by a valid user, the following Syslog message is generated:
startup-config was changed by <username>
USING THE CLI
To disable or re-enable Syslog messages when the startup-config file is changed, use the following command:
Syntax: [no] logging enable config-changed
USING THE WEB MANAGEMENT INTERFACE
You cannot disable logging of startup-config changes using the Web management interface.
NOTE: You can name the configuration file when you copy it to a TFTP server. However, when you copy a
configuration file from the server to an HP device, the file is always copied as “startup-config” or “running-config”,
depending on which type of file you saved to the server.
5. Enter the address of the TFTP server in the TFTP Server IP field.
6. Enter the configuration file name in the Configuration File Name field.
June 2005 15 - 13
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
NOTE: While TFTP transfers are in process, a red bar labeled “processing” is displayed on the screen. When
the TFTP transfer is actively transferring image or configuration data, a green bar labeled “loading” is displayed.
When a successful transfer is complete, the message “TFTP transfer complete” is displayed.
If a problem with the transfer occurs, one of the error codes listed in “Diagnostic Error Codes and Remedies for
TFTP Transfers” on page 18-26 is displayed.
15 - 14 June 2005
Updating Software Images and Configuration Files
• The default CLI configuration level in a configuration file is the global CONFIG level. Thus, the first command
in the file must be a global CONFIG command or “ ! ”. The ! (exclamation point) character means “return to
the global CONFIG level”.
NOTE: You can enter text following “ ! “ as a comment. However, the “ !” is not a comment marker. It
returns the CLI to the global configuration level.
NOTE: In software releases earlier than 07.1.x, the CLI ignores the “ ! “ instead of changing the CLI to the
global CONFIG level, when you load the configuration using the copy tftp running-config <ip-addr>
<filename> command. In software release 07.1.x and later, the CLI does change the CLI to the global
CONFIG level, when you load the configuration using the copy tftp running-config <ip-addr> <filename>
command or the ncopy tftp <ip-addr> <filename> running-config command.
In all releases, the CLI changes to the global CONFIG level if you load the configuration as a startup-config
file instead of the running-config (using the copy tftp startup-config <ip-addr> <filename> command or
ncopy tftp <ip-addr> <from-name> startup-config command).
NOTE: If you copy-and-paste a configuration into a management session, the CLI ignores the “ ! “ instead of
changing the CLI to the global CONFIG level. As a result, you might get different results if you copy-and-
paste a configuration instead of loading the configuration using TFTP.
• Make sure you enter each command at the correct CLI level. Since some commands have identical forms at
both the global CONFIG level and individual configuration levels, if the CLI’s response to the configuration file
results in the CLI entering a configuration level you did not intend, then you can get unexpected results.
For example, if a trunk group is active on the device, and the configuration file contains a command to disable
STP on one of the secondary ports in the trunk group, the CLI rejects the commands to enter the interface
configuration level for the port and moves on to the next command in the file you are loading. If the next
command is a spanning-tree command whose syntax is valid at the global CONFIG level as well as the
interface configuration level, then the software applies the command globally. Here is an example:
June 2005 15 - 15
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
To successfully replace the address, enter commands into the file as follows:
interface ethernet 3/11
no ip address 20.20.20.69/24
ip address 10.10.10.69/24
This time, the CLI accepts the command, and no error message is displayed:
ProCurveRS(config)# interface ethernet 3/11
ProCurveRS(config-if-e100-3/1)# no ip add 20.20.20.69/24
ProCurveRS(config-if-e100-3/1)# ip add 10.10.10.69/24
ProCurveRS(config-if-e100-3/1)
• Always use the end command at the end of the file. The end command must appear on the last line of the
file, by itself.
Loading the Configuration Information into the Running-Config
You can load the configuration information from a TFTP server. To load the file from a TFTP server, use either of
the following commands:
• copy tftp running-config <ip-addr> <filename>
• ncopy tftp <ip-addr> <filename> running-config
a.The running-config and startup-config file can each be the size listed.
The maximum size is not the maximum combined size for the running-
config and startup-config files.
15 - 16 June 2005
Updating Software Images and Configuration Files
NOTE: The lines displaying the size of the running-config are not actually part of the running-config itself.
NOTE: The syntax shown in this section assumes that you have installed HP OpenView in the “/usr” directory.
1. Configure a read-write community string on the HP device, if one is not already configured. To configure a
read-write community string, enter the following command from the global CONFIG level of the CLI:
no snmp-server pw-check
This command disables password checking for SNMP set requests. If a third-party SNMP management
application does not add a password to the password field when it sends SNMP set requests to an HP device,
by default the HP device rejects the request.
3. From the command prompt in the UNIX shell, enter the following command:
20 – Upload the startup-config file from the HP device’s flash memory to the TFTP server.
June 2005 15 - 17
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
21 – Download a startup-config file from a TFTP server to the HP device’s flash memory.
22 – Upload the running-config from the HP device’s flash memory to the TFTP server.
23 – Download a configuration file from a TFTP server into the HP device’s running-config.
NOTE: Command option 23 adds configuration information to the running-config on the device, and does
not replace commands. If you want to replace configuration information in the device, use “no” forms of the
configuration commands to remove the configuration information, then use configuration commands to create
the configuration information you want. Follow the guidelines in “Dynamic Configuration Loading” on
page 18-20.
NOTE: The scheduled reload feature requires the system clock. You can use a Simple Network Time Protocol
(SNTP) server to set the clock or you can set the device clock manually. See “Specifying a Simple Network Time
Protocol (SNTP) Server” on page 8-12 or “Setting the System Clock” on page 8-14.
15 - 18 June 2005
Updating Software Images and Configuration Files
June 2005 15 - 19
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
6 TFTP out of buffer space. The file is larger than the amount of room
on the device or TFTP server.
If you are copying an image file to flash,
first copy the other image to your TFTP
server, then delete it from flash. (Use the
erase flash... CLI command at the
Privileged EXEC level to erase the image
in the flash.)
If you are copying a configuration file to
flash, edit the file to remove unneeded
information, then try again.
7 TFTP busy, only one TFTP session can be Another TFTP transfer is active on
active. another CLI session or Web management
session.
Wait, then retry the transfer.
16 TFTP remote - general error. The TFTP configuration has an error. The
specific error message describes the
17 TFTP remote - no such file. error.
18 TFTP remote - access violation. Correct the error, then retry the transfer.
15 - 20 June 2005
Appendix A
Using Syslog
This appendix describes how to display Syslog messages and how to configure the Syslog facility, and lists the
Syslog messages that a ProCurve Routing Switch can display during standard operation.
NOTE: This appendix does not list Syslog messages that can be displayed when a debug option is enabled. For
information about Syslog messages that are displayed by a debug option, see the Diagnostic Guide for ProCurve
9300/9400 Series Routing Switches.
Overview
An HP device’s software can write syslog messages to provide information at the following severity levels:
• Emergencies
• Alerts
• Critical
• Errors
• Warnings
• Notifications
• Informational
• Debugging
The device writes the messages to a local buffer. In software release earlier than 07.6.04, the local buffer can hold
up to 100 entries. Beginning with software release 07.6.04, the buffer can hold up to 1000 entries.
You also can specify the IP address or host name of up to six Syslog servers. When you specify a Syslog server,
the HP device writes the messages both to the system log and to the Syslog server.
Using a Syslog server ensures that the messages remain available even after a system reload. The HP device’s
local Syslog buffer is cleared during a system reload or reboot, but the Syslog messages sent to the Syslog server
remain on the server.
The Syslog service on a Syslog server receives logging messages from applications on the local host or from
devices such as a Routing Switch. Syslog adds a time stamp to each received message and directs messages to
a log file. Most Unix workstations come with Syslog configured. Some third party vendor products also provide
Syslog running on NT.
Syslog uses UDP port 514 and each Syslog message thus is sent with destination port 514. Each Syslog
message is one line with Syslog message format. The message is embedded in the text portion of the Syslog
format. There are several subfields in the format. Keywords are used to identify each subfield, and commas are
delimiters. The subfield order is insensitive except that the text subfield should be the last field in the message.
All the subfields are optional.
For information about the Syslog configuration information, time stamps, and dynamic and static buffers, see
“Displaying the Syslog Configuration” on page A-3.
Enabling Real-Time Display of Syslog Messages
By default, to view Syslog messages generated by an HP device, you need to display the Syslog buffer or the log
on a Syslog server used by the HP device.
You can enable real-time display of Syslog messages on the management console. When you enable this feature,
the software displays a Syslog message on the management console when the message is generated.
When you enable the feature, the software displays Syslog messages on the serial console when they occur.
However, to enable display of real-time Syslog messages in Telnet or SSH sessions, you also must enable display
within the individual sessions.
USING THE CLI
To enable real-time display of Syslog messages, enter the following command at the global CONFIG level of the
CLI:
ProCurveRS(config)# logging console
Syntax: [no] logging console
This command enables the real-time display of Syslog messages on the serial console. You can enter this
command from the serial console or a Telnet or SSH session.
To also enable the real-time display for a Telnet or SSH session, enter the following command from the Privileged
EXEC level of the session:
telnet@ProCurveRS# terminal monitor
Syslog trace was turned ON
Syntax: terminal monitor
Notice that the CLI displays a message to indicate the status change for the feature. To disable the feature in the
management session, enter the terminal monitor command again. The command toggles the feature on and off.
The Syslog display shows the following configuration information, in the rows above the log entries themselves.
flushes The number of times the Syslog buffer has been cleared by the clear
logging command or equivalent Web management interface option.
See “Clearing the Syslog Messages from the Local Buffer” on page A-
12.
overruns The number of times the dynamic log buffer has filled up and been
cleared to hold new entries. For example, if the buffer is set for 100
entries, the 101st entry causes an overrun. After that, the 201st entry
causes a second overrun.
level The message levels that are enabled. Each letter represents a
message type and is identified by the key (level code) below the value.
If you disable logging of a message level, the code for that level is not
listed.
messages logged The total number of messages that have been logged since the
software was loaded.
The static and dynamic buffers are both displayed when you display the log.
Notice that the static buffer contains two separate messages for fan failures. Each message of each type has its
own buffer. Thus, if you replace fan 1 but for some reason that fan also fails, the software replaces the first
message about the failure of fan 1 with the newer message. The software does not overwrite the message for
fan 2, unless the software sends a newer message for fan 2.
When you clear log entries, you can selectively clear the static or dynamic buffer, or you can clear both. For
example, to clear only the dynamic buffer, enter the following command at the Privileged EXEC level:
ProCurveRS# clear logging dynamic-buffer
Syntax: clear logging [dynamic-buffer | static-buffer]
You can specify dynamic-buffer to clear the dynamic buffer or static-buffer to clear the static buffer. If you do not
specify a buffer, both buffers are cleared.
Time Stamps
The contents of the time stamp differ depending on whether you have set the time and date on the onboard
system clock.
• If you have set the time and date on the onboard system clock, the date and time are shown in the following
format:
mm dd hh:mm:ss
where:
• mm – abbreviation for the name of the month
• dd – day
• hh – hours
• mm – minutes
• ss – seconds
For example, “Oct 15 17:38:03” means October 15 at 5:38 PM and 3 seconds.
• If you have not set the time and date on the onboard system clock, the time stamp shows the amount of time
that has passed since the device was booted, in the following format:
<num>d<num>h<num>m<num>s
where:
• <num>d – day
• <num>h – hours
• <num>m – minutes
• <num>s – seconds
For example, “188d1h01m00s” means the device had been running for 188 days, 11 hours, one minute, and
zero seconds when the Syslog entry with this time stamp was generated.
Example of Syslog Messages on a Device Whose Onboard Clock Is Set
The example shows the format of messages on a device whose onboard system clock has been set. Each time
stamp shows the month, the day, and the time of the system clock when the message was generated. For
example, the system time when the most recent message (the one at the top) was generated was October 15 at
5:38 PM and 3 seconds.
recent message, at the top of the list of messages, was generated when the device had been running for 21 days,
seven hours, two minutes, and 40 seconds.
4. Select Disable or Enable next to Logging to disable or enable the Syslog service on the device. The service
is enabled by default.
5. Optionally change the number of entries the local Syslog buffer can hold. The buffer size can be from
1 – 100. The default is 50.
NOTE: A change in the buffer size takes effect only after you restart the system. The buffer size does not
affect how many entries the device can log on a Syslog server. The number of entries the device can log on
the server depends on the server’s configuration.
6. Select the messages facility. The default is User. For a list of values, display the pulldown menu.
7. Select the message levels you want the device to log. All the levels are logged by default.
8. Click Apply to save the changes to the device’s running-config file.
9. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
10. To view a list of the Syslog servers that have been defined, click the Show Log Server link under the Apply
and Reset buttons to display the Log Server panel.
The list shows the IP Addresses and UDP Ports of the Syslog Servers.
11. To delete an entry, click on the Delete button for that entry.
12. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
13. To add a Syslog server, click on the Add Log Server link under the dialog to display the System Log Server
panel.
14. Enter the IP address of the new Syslog server, if you want the device to log messages on the Syslog server
as well as in the local buffer.
15. Enter the UDP port on the server that will be used for logging messages.
16. Click on the Add button to add the server to the list. You can add up to six Syslog servers.
17. When you have finished, select the Save link at the bottom of the dialog. Select Yes when prompted to save
the configuration change to the startup-config file on the device’s flash memory.
NOTE: You can specify a server name only if you have already configured the DNS Resolver feature. See the
“Configuring IP” chapter in the Advanced Configuration and Management Guide for ProCurve 9300/9400 Series
Routing Switches.
A - 10 June 2005
Using Syslog
NOTE: If you decrease the size of the buffer, the software clears the buffer before placing the change into effect.
If you increase the size of the buffer, the software does not clear existing entries.
NOTE: You can specify only one facility. If you configure the HP device to use two Syslog servers, the device
uses the same facility on both servers.
June 2005 A - 11
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
A - 12 June 2005
Using Syslog
Syslog Messages
Table A.2 lists all of the Syslog messages. The messages are listed by message level, in the following order:
• Emergencies (none)
• Alerts
• Critical
• Errors
• Warnings
• Notifications
• Informational
• Debugging
Alert Power supply <num>, <location>, failed A power supply has failed.
The <num> is the power supply number.
The <location> describes where the failed
power supply is in the chassis. The location
can be one of the following:
• In 4-slot Routing Switches:
• left side power supply
• right side power supply
• In 8-slot Routing Switches:
• bottom power supply
• middle bottom power supply
• middle top power supply
• top power supply
• In 15-slot Routing Switches:
• left side power supply
• second from left power supply
• second from right power supply
• right side power supply
June 2005 A - 13
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Alert <num-modules> modules and 1 power Indicates that the chassis needs more power
supply, need more power supply!! supplies to run the modules in the chassis.
The <num-modules> parameter indicates
the number of modules in the chassis.
A - 14 June 2005
Using Syslog
Alert OSPF LSA Overflow, LSA Type = Indicates an LSA database overflow.
<lsa-type>
The <lsa-type> parameter indicates the type
of LSA that experienced the overflow
condition. The LSA type is one of the
following:
• 1 – Router
• 2 – Network
• 3 – Summary
• 4 – Summary
• 5 – External
Alert MAC Authentication failed for <mac- RADIUS authentication failed for the
address> on <portnum> (Invalid User) specified <mac-address> on the specified
<portnum> because the MAC address sent
to the RADIUS server was not found in the
RADIUS server’s users database.
Alert MAC Authentication failed for <mac- RADIUS authentication was successful for
address> on <portnum> the specified <mac-address> on the
specified <portnum>; however, the VLAN
returned in the RADIUS Access-Accept
message did not refer to a valid VLAN or
VLAN ID on the HP device. This is treated
as an authentication failure.
Alert MAC Authentication failed for <mac- RADIUS authentication was successful for
address> on <portnum> (No VLAN Info the specified <mac-address> on the
received from RADIUS server) specified <portnum>; however, dynamic
VLAN assignment was enabled for the port,
but the RADIUS Access-Accept message did
not include VLAN information. This is
treated as an authentication failure.
Alert MAC Authentication failed for <mac- Multi-device port authentication failed for the
address> on <portnum> (RADIUS given <mac-address> on a tagged port because
VLAN does not match with TAGGED vlan) the packet with this MAC address as the
source was tagged with a VLAN ID different
from the RADIUS-supplied VLAN ID.
Alert MAC Authentication failed for <mac- RADIUS authentication was successful for
address> on <portnum> (RADIUS given vlan the specified <mac-address> on the
does not exist) specified <portnum>; however, the RADIUS
Access-Accept message specified a VLAN
that does not exist in the HP device’s
configuration. This is treated as an
authentication failure.
June 2005 A - 15
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Alert MAC Authentication failed for <mac- RADIUS authentication was successful for
address> on <portnum> (Port is already in the specified <mac-address> on the
another radius given vlan) specified <portnum>; however, the RADIUS
Access-Accept message specified a VLAN
ID, although the port had previously been
moved to a different RADIUS-assigned
VLAN. This is treated as an authentication
failure.
Critical Authentication shut down <portnum> due to Denial of Service (DoS) attack protection
DOS attack was enabled for multi-device port
authentication on the specified <portnum>,
and the per-second rate of RADIUS
authentication attempts for the port
exceeded the configured limit. The HP
device considers this to be a DoS attack and
disables the port.
Error No of prefixes received from BGP peer <ip- The Routing Switch has received more than
addr> exceeds maximum prefix- the specified maximum number of prefixes
limit...shutdown from the neighbor, and the Routing Switch is
therefore shutting down its BGP4 session
with the neighbor.
Warning Locked address violation at interface Indicates that a port on which you have
e<portnum>, address <mac-address> configured a lock-address filter received a
packet that was dropped because the
packet’s source MAC address did not match
an address learned by the port before the
lock took effect.
The e<portnum> is the port number.
The <mac-address> is the MAC address that
was denied by the address lock.
Assuming that you configured the port to
learn only the addresses that have valid
access to the port, this message indicates a
security violation.
Warning NTP server <ip-addr> failed to respond Indicates that a Simple Network Time
Protocol (SNTP) server did not respond to
the device’s query for the current time.
The <ip-addr> indicates the IP address of
the SNTP server.
A - 16 June 2005
Using Syslog
Warning Dup IP <ip-addr> detected, sent from MAC Indicates that the HP device received a
<mac-addr> interface <portnum> packet from another device on the network
with an IP address that is also configured on
the HP device.
The <ip-addr> is the duplicate IP address.
The <mac-addr> is the MAC address of the
device with the duplicate IP address.
The <portnum> is the HP port that received
the packet with the duplicate IP address.
The address is the packet’s source IP
address.
Warning mac filter group denied packets on port Indicates that a Layer 2 MAC filter group
<portnum> src macaddr <mac-addr>, configured on a port has denied packets.
<num> packets
The <portnum> is the port on which the
packets were denied.
The <mac-addr> is the source MAC address
of the denied packets.
The <num> indicates how many packets
matching the values above were dropped
during the five-minute interval represented
by the log entry.
Warning list <acl-num> denied <ip-proto> Indicates that an Access Control List (ACL)
<src-ip-addr> (<src-tcp/udp-port>) denied (dropped) packets.
(Ethernet <portnum> <mac-addr>) ->
The <acl-num> indicates the ACL number.
<dst-ip-addr> (<dst-tcp/udp-port>),
Numbers 1 – 99 indicate standard ACLs.
1 event(s)
Numbers 100 – 199 indicate extended ACLs.
The <ip-proto> indicates the IP protocol of
the denied packets.
The <src-ip-addr> is the source IP address
of the denied packets.
The <src-tcp/udp-port> is the source TCP or
UDP port, if applicable, of the denied
packets.
The <portnum> indicates the port number on
which the packet was denied.
The <mac-addr> indicates the source MAC
address of the denied packets.
The <dst-ip-addr> indicates the destination
IP address of the denied packets.
The <dst-tcp/udp-port> indicates the
destination TCP or UDP port number, if
applicable, of the denied packets.
June 2005 A - 17
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Warning rip filter list <list-num> <direction> V1 | V2 Indicates that a RIP route filter denied
denied <ip-addr>, <num> packets (dropped) packets.
The <list-num> is the ID of the filter list.
The <direction> indicates whether the filter
was applied to incoming packets or outgoing
packets. The value can be one of the
following:
• in
• out
The V1 or V2 value specifies the RIP version
(RIPv1 or RIPv2).
The <ip-addr> indicates the network number
in the denied updates.
The <num> indicates how many packets
matching the values above were dropped
during the five-minute interval represented
by the log entry.
Warning No of prefixes received from BGP peer <ip- The Routing Switch has received more than
addr> exceeds warning limit <num> the allowed percentage of prefixes from the
neighbor.
The <ip-addr> is the IP address of the
neighbor.
The <num> is the number of prefixes that
matches the percentage you specified. For
example, if you specified a threshold of 100
prefixes and 75 percent as the warning
threshold, this message is generated if the
Routing Switch receives a 76th prefix from
the neighbor.
Notification Module was inserted to slot <slot-num> Indicates that a module was inserted into a
chassis slot.
The <slot-num> is the number of the chassis
slot into which the module was inserted.
Notification Module was removed from slot <slot-num> Indicates that a module was removed from a
chassis slot.
The <slot-num> is the number of the chassis
slot from which the module was removed.
Notification ACL insufficient L4 cam resource, using flow The port does not have a large enough CAM
based ACL instead partition for the ACLs. To re-partition the
CAM, see the “Changing CAM Partitions“
chapter in the Diagnostic Guide for ProCurve
9300/9400 Series Routing Switches.
A - 18 June 2005
Using Syslog
Notification OSPF interface state changed, Indicates that the state of an OSPF interface
rid <router-id>, intf addr <ip-addr>, has changed.
state <ospf-state>
The <router-id> is the router ID of the HP
device.
The <ip-addr> is the interface’s IP address.
The <ospf-state> indicates the state to which
the interface has changed and can be one of
the following:
• down
• loopback
• waiting
• point-to-point
• designated router
• backup designated router
• other designated router
• unknown
Notification OSPF virtual intf state changed, Indicates that the state of an OSPF virtual
rid <router-id>, area <area-id>, routing interface has changed.
nbr <ip-addr>, state <ospf-state>
The <router-id> is the router ID of the router
the interface is on.
The <area-id> is the area the interface is in.
The <ip-addr> is the IP address of the OSPF
neighbor.
The <ospf-state> indicates the state to which
the interface has changed and can be one of
the following:
• down
• loopback
• waiting
• point-to-point
• designated router
• backup designated router
• other designated router
• unknown
June 2005 A - 19
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Notification OSPF nbr state changed, rid <router-id>, nbr Indicates that the state of an OSPF neighbor
addr <ip-addr>, nbr rid <nbr-router-Id>, state has changed.
<ospf-state>
The <router-id> is the router ID of the HP
device.
The <ip-addr> is the IP address of the
neighbor.
The <nbr-router-id> is the router ID of the
neighbor.
The <ospf-state> indicates the state to which
the interface has changed and can be one of
the following:
• down
• attempt
• initializing
• 2-way
• exchange start
• exchange
• loading
• full
• unknown
A - 20 June 2005
Using Syslog
Notification OSPF virtual nbr state changed, Indicates that the state of an OSPF virtual
rid <router-id>, nbr addr <ip-addr>, neighbor has changed.
nbr rid <nbr-router-id>, state <ospf-state>
The <router-id> is the router ID of the HP
device.
The <ip-addr> is the IP address of the
neighbor.
The <nbr-router-id> is the router ID of the
neighbor.
The <ospf-state> indicates the state to which
the interface has changed and can be one of
the following:
• down
• attempt
• initializing
• 2-way
• exchange start
• exchange
• loading
• full
• unknown
June 2005 A - 21
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Notification OSPF intf config error, rid <router-id>, Indicates that an OSPF interface
intf addr <ip-addr>, configuration error has occurred.
pkt src addr <src-ip-addr>,
The <router-id> is the router ID of the HP
error type <error-type>, pkt type <pkt-type>
device.
The <ip-addr> is the IP address of the
interface on the HP device.
The <src-ip-addr> is the IP address of the
interface from which the HP device received
the error packet.
The <error-type> can be one of the following:
• bad version
• area mismatch
• unknown NBMA neighbor
• unknown virtual neighbor
• authentication type mismatch
• authentication failure
• network mask mismatch
• hello interval mismatch
• dead interval mismatch
• option mismatch
• unknown
The <packet-type> can be one of the
following:
• hello
• database description
• link state request
• link state update
• link state ack
• unknown
A - 22 June 2005
Using Syslog
Notification OSPF virtual intf config error, Indicates that an OSPF virtual routing
rid <router-id>, intf addr <ip-addr>, interface configuration error has occurred.
pkt src addr <src-ip-addr>,
The <router-id> is the router ID of the HP
error type <error-type>, pkt type <pkt-type>
device.
The <ip-addr> is the IP address of the
interface on the HP device.
The <src-ip-addr> is the IP address of the
interface from which the HP device received
the error packet.
The <error-type> can be one of the following:
• bad version
• area mismatch
• unknown NBMA neighbor
• unknown virtual neighbor
• authentication type mismatch
• authentication failure
• network mask mismatch
• hello interval mismatch
• dead interval mismatch
• option mismatch
• unknown
The <packet-type> can be one of the
following:
• hello
• database description
• link state request
• link state update
• link state ack
• unknown
June 2005 A - 23
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Notification OSPF intf authen failure, rid <router-id>, Indicates that an OSPF interface
intf addr <ip-addr>, authentication failure has occurred.
pkt src addr <src-ip-addr>,
The <router-id> is the router ID of the HP
error type <error-type>, pkt type <pkt-type>
device.
The <ip-addr> is the IP address of the
interface on the HP device.
The <src-ip-addr> is the IP address of the
interface from which the HP device received
the authentication failure.
The <error-type> can be one of the following:
• bad version
• area mismatch
• unknown NBMA neighbor
• unknown virtual neighbor
• authentication type mismatch
• authentication failure
• network mask mismatch
• hello interval mismatch
• dead interval mismatch
• option mismatch
• unknown
The <packet-type> can be one of the
following:
• hello
• database description
• link state request
• link state update
• link state ack
• unknown
A - 24 June 2005
Using Syslog
Notification OSPF virtual intf authen failure, Indicates that an OSPF virtual routing
rid <router-id>, intf addr <ip-addr>, interface authentication failure has occurred.
pkt src addr <src-ip-addr>,
The <router-id> is the router ID of the HP
error type <error-type>, pkt type <pkt-type>
device.
The <ip-addr> is the IP address of the
interface on the HP device.
The <src-ip-addr> is the IP address of the
interface from which the HP device received
the authentication failure.
The <error-type> can be one of the following:
• bad version
• area mismatch
• unknown NBMA neighbor
• unknown virtual neighbor
• authentication type mismatch
• authentication failure
• network mask mismatch
• hello interval mismatch
• dead interval mismatch
• option mismatch
• unknown
The <packet-type> can be one of the
following:
• hello
• database description
• link state request
• link state update
• link state ack
• unknown
June 2005 A - 25
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Notification OSPF intf rcvd bad pkt, rid <router-id>, Indicates that an OSPF interface received a
intf addr <ip-addr>, bad packet.
pkt src addr <src-ip-addr>,
The <router-id> is the router ID of the HP
pkt type <pkt-type>
device.
The <ip-addr> is the IP address of the
interface on the HP device.
The <src-ip-addr> is the IP address of the
interface from which the HP device received
the authentication failure.
The <packet-type> can be one of the
following:
• hello
• database description
• link state request
• link state update
• link state ack
• unknown
Notification OSPF virtual intf rcvd bad pkt, Indicates that an OSPF interface received a
rid <router-id>, intf addr <ip-addr>, bad packet.
pkt src addr <src-ip-addr>,
The <router-id> is the router ID of the HP
pkt type <pkt-type>
device.
The <ip-addr> is the IP address of the
interface on the HP device.
The <src-ip-addr> is the IP address of the
interface from which the HP device received
the authentication failure.
The <packet-type> can be one of the
following:
• hello
• database description
• link state request
• link state update
• link state ack
• unknown
A - 26 June 2005
Using Syslog
Notification OSPF intf retransmit, rid <router-id>, An OSPF interface on the HP device has
intf addr <ip-addr>, nbr rid <nbr-router-id>, retransmitted a Link State Advertisement
pkt type is <pkt-type>, LSA type <lsa-type>, (LSA).
LSA id <lsa-id>, LSA rid <lsa-router-id>
The <router-id> is the router ID of the HP
device.
The <ip-addr> is the IP address of the
interface on the HP device.
The <nbr-router-id> is the router ID of the
neighbor Routing Switch.
The <packet-type> can be one of the
following:
• hello
• database description
• link state request
• link state update
• link state ack
• unknown
The <lsa-type> is the type of LSA.
The <lsa-id> is the LSA ID.
The <lsa-router-id> is the LSA router ID.
June 2005 A - 27
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Notification OSPF virtual intf retransmit, rid <router-id>, An OSPF interface on the HP device has
intf addr <ip-addr>, nbr rid <nbr-router-id>, retransmitted a Link State Advertisement
pkt type is <pkt-type>, LSA type <lsa-type>, (LSA).
LSA id <lsa-id>, LSA rid <lsa-router-id>
The <router-id> is the router ID of the HP
device.
The <ip-addr> is the IP address of the
interface on the HP device.
The <nbr-router-id> is the router ID of the
neighbor Routing Switch.
The <packet-type> can be one of the
following:
• hello
• database description
• link state request
• link state update
• link state ack
• unknown
The <lsa-type> is the type of LSA.
The <lsa-id> is the LSA ID.
The <lsa-router-id> is the LSA router ID.
Notification OSPF originate LSA, rid <router-id>, An OSPF interface has originated an LSA.
area <area-id>, LSA type <lsa-type>,
The <router-id> is the router ID of the HP
LSA id <lsa-id>,
device.
LSA router id <lsa-router-id>
The <area-id> is the OSPF area.
The <lsa-type> is the type of LSA.
The <lsa-id> is the LSA ID.
The <lsa-router-id> is the LSA router ID.
Notification OSPF max age LSA, rid <router-id>, An LSA has reached its maximum age.
area <area-id>, LSA type <lsa-type>,
The <router-id> is the router ID of the HP
LSA id <lsa-id>, LSA rid <lsa-router-id>
device.
The <area-id> is the OSPF area.
The <lsa-type> is the type of LSA.
The <lsa-id> is the LSA ID.
The <lsa-router-id> is the LSA router ID.
A - 28 June 2005
Using Syslog
Notification OSPF LSDB overflow, rid <router-id>, A Link State Database Overflow (LSDB)
limit <num> condition has occurred.
The <router-id> is the router ID of the HP
device.
The <num> is the number of LSAs.
Notification OSPF LSDB approaching overflow, The software is close to an LSDB condition.
rid <router-id>, limit <num>
The <router-id> is the router ID of the HP
device.
The <num> is the number of LSAs.
Notification OSPF intf rcvd bad pkt: Bad Checksum, rid The device received an OSPF packet that
<ip-addr>, intf addr <ip-addr>, pkt size had an invalid checksum.
<num>, checksum <num>, pkt src addr <ip-
The rid <ip-addr> is HP device’s router ID.
addr>, pkt type <type>
The intf addr <ip-addr> is the IP address of
the HP interface that received the packet.
The pkt size <num> is the number of bytes in
the packet.
The checksum <num> is the checksum value
for the packet.
The pkt src addr <ip-addr> is the IP address
of the neighbor that sent the packet.
The pkt type <type> is the OSPF packet type
and can be one of the following:
• hello
• database description
• link state request
• link state update
• link state acknowledgement
• unknown (indicates an invalid packet
type)
Notification OSPF intf rcvd bad pkt: Bad Packet type, rid The device received an OSPF packet with an
<ip-addr>, intf addr <ip-addr>, pkt size invalid type.
<num>, checksum <num>, pkt src addr <ip-
The parameters are the same as for the Bad
addr>, pkt type <type>
Checksum message. The pkt type <type>
value is “unknown”, indicating that the packet
type is invalid.
Notification OSPF intf rcvd bad pkt: Unable to find The neighbor IP address in the packet is not
associated neighbor, rid <ip-addr>, intf addr on the HP device’s list of OSPF neighbors.
<ip-addr>, pkt size <num>, checksum
The parameters are the same as for the Bad
<num>, pkt src addr <ip-addr>, pkt type
Checksum message.
<type>
June 2005 A - 29
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Notification OSPF intf rcvd bad pkt: Invalid packet size, The device received an OSPF packet with an
rid <ip-addr>, intf addr <ip-addr>, pkt size invalid packet size.
<num>, checksum <num>, pkt src addr <ip-
The parameters are the same as for the Bad
addr>, pkt type <type>
Checksum message.
Notification VRRP intf state changed, A state change has occurred in a Virtual
intf <portnum>, vrid <virtual-router-id>, Router Redundancy Protocol (VRRP)
state <vrrp-state> interface.
The <portnum> is the port.
The <virtual-router-id> is the virtual router ID
(VRID) configured on the interface.
The <vrrp-state> can be one of the following:
• init
• master
• backup
• unknown
Notification BGP Peer <ip-addr> UP (ESTABLISHED) Indicates that a BGP4 neighbor has come
up.
The <ip-addr> is the IP address of the
neighbor’s BGP4 interface with the HP
device.
Notification BGP Peer <ip-addr> DOWN (IDLE) Indicates that a BGP4 neighbor has gone
down.
The <ip-addr> is the IP address of the
neighbor’s BGP4 interface with the HP
device.
Notification Local ICMP exceeds <burst-max> burst The number of ICMP packets exceeds the
packets, stopping for <lockup> seconds!! <burst-max> threshold set by the ip icmp
burst command. The HP device may be the
victim of a Denial of Service (DoS) attack.
All ICMP packets will be dropped for the
number of seconds specified by the
<lockup> value. When the lockup period
expires, the packet counter is reset and
measurement is restarted.
Notification Local TCP exceeds <burst-max> burst The number of TCP SYN packets exceeds
packets, stopping for <lockup> seconds!! the <burst-max> threshold set by the ip tcp
burst command. The HP device may be the
victim of a TCP SYN DoS attack.
All TCP SYN packets will be dropped for the
number of seconds specified by the
<lockup> value. When the lockup period
expires, the packet counter is reset and
measurement is restarted.
A - 30 June 2005
Using Syslog
Notification Transit ICMP in interface <portnum> Threshold parameters for ICMP transit
exceeds <num> burst packets, stopping for (through) traffic have been configured on an
<num> seconds!! interface, and the maximum burst size for
ICMP packets on the interface has been
exceeded.
The <portnum> is the port number.
The first <num> is the maximum burst size
(maximum number of packets allowed).
The second <num> is the number of
seconds during which additional ICMP
packets will be blocked on the interface.
Note: This message can occur in response
to an attempted Smurf attack.
Notification Local TCP exceeds <num> burst packets, Threshold parameters for local TCP traffic on
stopping for <num> seconds!! the device have been configured, and the
maximum burst size for TCP packets has
been exceeded.
The first <num> is the maximum burst size
(maximum number of packets allowed).
The second <num> is the number of
seconds during which additional TCP
packets will be blocked on the device.
Note: This message can occur in response
to an attempted TCP SYN attack.
Notification Transit TCP in interface <portnum> exceeds Threshold parameters for TCP transit
<num> burst packets, stopping for <num> (through) traffic have been configured on an
seconds!! interface, and the maximum burst size for
TCP packets on the interface has been
exceeded.
The <portnum> is the port number.
The first <num> is the maximum burst size
(maximum number of packets allowed).
The second <num> is the number of
seconds during which additional TCP
packets will be blocked on the interface.
Note: This message can occur in response
to an attempted TCP SYN attack.
Notification DOT1X issues software but not physical port The device has indicated that the specified
up indication of Port <portnum> to other port has been authenticated, but the actual
software applications port may not be active.
Notification DOT1X issues software but not physical port The device has indicated that the specified is
down indication of Port <portnum> to other no longer authorized, but the actual port may
software applications still be active.
June 2005 A - 31
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Notification MAC Authentication succeeded for <mac- RADIUS authentication was successful for
address> on <portnum> the specified <mac-address> on the
specified <portnum>.
Informational Warm start The system software (flash code) has been
reloaded.
Informational <user-name> login to USER EXEC mode A user has logged into the USER EXEC
mode of the CLI.
The <user-name> is the user name.
Informational <user-name> logout from USER EXEC A user has logged out of the USER EXEC
mode mode of the CLI.
The <user-name> is the user name.
Informational <user-name> login to PRIVILEGED mode A user has logged into the Privileged EXEC
mode of the CLI.
The <user-name> is the user name.
Informational <user-name> logout from PRIVILEGED A user has logged out of Privileged EXEC
mode mode of the CLI.
The <user-name> is the user name.
Informational SNMP Auth. failure, intruder IP: <ip-addr> A user has tried to open a management
session with the device using an invalid
SNMP community string.
The <ip-addr> is the IP address of the host
that sent the invalid community string.
Informational Interface <portnum>, line protocol up The line protocol on a port has come up.
The <portnum> is the port number.
Informational Interface <portnum>, line protocol down The line protocol on a port has gone down.
The <portnum> is the port number.
A - 32 June 2005
Using Syslog
Informational Trunk group (<ports>) created by 802.3ad 802.3ad link aggregation is configured on the
link-aggregation module. device, and the feature has dynamically
created a trunk group (aggregate link).
The <ports> is a list of the ports that were
aggregated to make the trunk group.
Informational Bridge root changed, vlan <vlan-id>, new A Spanning Tree Protocol (STP) topology
root ID <string>, root interface <portnum> change has occurred.
The <vlan-id> is the ID of the VLAN in which
the STP topology change occurred.
The <root-id> is the STP bridge root ID.
The <portnum> is the number of the port
connected to the new root bridge.
Informational Bridge is new root, vlan <vlan-id>, A Spanning Tree Protocol (STP) topology
root ID <root-id> change has occurred, resulting in the HP
device becoming the root bridge.
The <vlan-id> is the ID of the VLAN in which
the STP topology change occurred.
The <root-id> is the STP bridge root ID.
Informational Bridge topology change, vlan <vlan-id>, A Spanning Tree Protocol (STP) topology
interface <portnum>, changed state to change has occurred on a port.
<stp-state>
The <vlan-id> is the ID of the VLAN in which
the STP topology change occurred.
The <portnum> is the port number.
The <stp-state> is the new STP state and
can be one of the following:
• disabled
• blocking
• listening
• learning
• forwarding
• unknown
Informational vlan <vlan-id> interface <portnum> Bridge 802.1W recognized a topology change event
TC Event (DOT1wTransition) in the bridge. The topology change event is
the forwarding action that started on a non-
edge Designated port or Root port.
June 2005 A - 33
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Informational vlan <vlan-id> interface <portnum> STP 802.1W changed the state of a port to a new
state -> <state> (DOT1wTransition) state: forwarding, learning, blocking. If the
port changes to blocking, the bridge port is in
discarding state.
Informational vlan <vlan-id> New RootPort <portnum> 802.1W changed the port’s role to Root port,
(RootSelection) using the root selection computation.
Informational vlan <vlan-id> New RootBridge <mac- 802.1W selected a new root bridge as a
address> RootPort <portnum> (BpduRcvd) result of the BPDUs received on a bridge
port.
Informational vlan <vlan-id> Bridge is RootBridge <mac- 802.1W changed the current bridge to be the
address> (MgmtPriChg) root bridge of the given topology due to
administrative change in bridge priority.
Informational vlan <vlan-id> Bridge is RootBridge <mac- The message age expired on the Root port
address> (MsgAgeExpiry) so 802.1W changed the current bridge to be
the root bridge of the topology.
Informational DOT1X: Port <portnum>, The status of the interface’s controlled port
AuthControlledPortStatus change: has changed from unauthorized to
authorized authorized.
Informational DOT1X: Port <portnum>, The status of the interface’s controlled port
AuthControlledPortStatus change: has changed from authorized to
unauthorized unauthorized.
Informational DOT1X: Port <portnum> currently used vlan- A user has completed 802.1X authentication.
id changes to <vlan-id> due to dot1x- The profile received from the RADIUS server
RADIUS vlan assignment specifies a VLAN ID for the user. The port to
which the user is connected has been moved
to the VLAN indicated by <vlan-id>.
Informational DOT1X: Port <portnum> currently used vlan- The user connected to <portnum> has
id is set back to port default vlan-id <vlan-id> disconnected, causing the port to be moved
back into its default VLAN, <vlan-id>.
Informational DOT1X Port <portnum> is unauthorized 802.1X authentication could not take place
because system resource is not enough or on the port. This happened because strict
the invalid information to set the dynamic security mode was enabled and one of the
assigned IP ACLs or MAC address filters following occurred:
• Insufficient system resources were
available on the device to apply an IP
ACL or MAC address filter to the port
• Invalid information was received from
the RADIUS server (for example, the
Filter-ID attribute did not refer to an
existing IP ACL or MAC address filter)
Informational Port <portnum>, srcip-security max-ipaddr- The address limit specified by the
per-int reached.Last IP=<ipaddr> srcip-security max-ipaddr-per-interface
command has been reached for the port.
A - 34 June 2005
Using Syslog
Informational telnet | SSH | web access [by <username>] There were failed web, SSH, or Telnet login
from src IP <source ip address>, src MAC access attempts from the specified source IP
<source MAC address> rejected, <n> and MAC address.
attempt(s)
• [by <user> <username>] does not
appear if telnet or SSH clients are
specified.
• <n> is the number of times this SNMP
trap occurred in the last five minutes, or
other configured number of minutes.
Informational user <username> added | deleted | modified A user created, modified, or deleted a local
from console | telnet | ssh | web | snmp user account via the Web, SNMP, console,
SSH, or Telnet session.
Informational vlan <vlan id> added | deleted | modified A user created, modified, or deleted a VLAN
from console | telnet | ssh | web | snmp via the Web, SNMP, console, SSH, or Telnet
session session.
Informational ACL <acl id> added | deleted | modified from A user created, modified, deleted, or applied
console | telnet | ssh | web | snmp session an ACL via the Web, SNMP, console, SSH,
or Telnet session.
Informational MAC Filter added | deleted | modified from A user created, modified, deleted, or applied
console | telnet | ssh | web | snmp session this MAC filter via the Web, SNMP, console,
filter id = <MAC filter ID>, src mac = <Source SSH, or Telnet session.
MAC address> | any, dst mac = <Destination
MAC address> | any
Informational SNMP read-only community | read-write A user made SNMP configuration changes
community | contact | location | user | group | via the Web, SNMP, console, SSH, or Telnet
view | engineld | trap [host] [<value -str>] session.
deleted | added | modified from console |
[<value-str>] does not appear in the
telnet | ssh | web | snmp session
message if SNMP community or engineld
is specified.
Informational Syslog server <IP-address> deleted | added A user made Syslog configuration changes
| modified from console | telnet | ssh | web | to the specified Syslog server address, or
snmp enabled or disabled a Syslog operation via
the Web, SNMP, console, SSH, or Telnet
OR
session.
Syslog operation enabled | disabled from
console | telnet | ssh | web | snmp
Informational SSH | telnet server enabled | disabled from A user enabled or disabled an SSH or Telnet
console | telnet | ssh | web | snmp session session, or changed the SSH enable/disable
[by user <username>] configuration via the Web, SNMP, console,
SSH, or Telnet session.
June 2005 A - 35
Installation and Basic Configuration Guide for ProCurve 9300 Series Routing Switches
Informational Port <portnum>, srcip-security max-ipaddr- The address limit specified by the
per-int reached.Last IP=<ipaddr> srcip-security max-ipaddr-per-interface
command has been reached for the port.
Debug BGP4: Not enough memory available to run The device could not start the BGP4 routing
BGP4 protocol because there is not enough
memory available.
Debug DOT1X: Not enough memory There is not enough system memory for
802.1X authentication to take place. Contact
HP Technical Support.
A - 36 June 2005
Appendix B
Enhanced Performance (EP) Chassis Modules
NOTE: This appendix describes EP chassis modules. For general hardware information, including power
specifications, see the “Hardware Specifications” in the Quick Start Guide shipped with your Routing Switch and
also available on:
• The Documentation CD-ROM shipped with your HP ProCurve 9300 management modules
• The HP ProCurve website
For more information on HP ProCurve 9300 publications and how to get the latest versions from the HP ProCurve
website, refer to “Organization of Product Documentation on page xv in this manual.
EP Modules
Table B.1 lists the EP modules for 9300 series Routing Switches.
NOTE: You cannot use EP modules and non-EP modules in the same chassis.
J4881A/Ba Forwarding module 48 10/100 Ethernet ports RJ-45s for Cat-5 copper
J4895A Forwarding module 16 Gigabit Ethernet Copper RJ-45s for Cat-5 copper
ports (100/1000 Mbps)
The modules listed in Table B.1 are described in the following sections.
Hardware Overview
EP ASICs
EP module ports are managed by the following custom ASICs:
• Integrated Gigabit Controllers (IGCs) – Ethernet packet controllers for Gigabit ports. Each Gigabit Ethernet
module contains two IGCs.
• Integrated Packet Controllers (IPCs) – Ethernet packet controllers for 10/100 ports. Each 10/100 Ethernet
module contains two IPCs.
These custom ASICs perform address lookup, data formatting and data movement for Ethernet packets. The
Gigabit Ethernet modules use IGCs. The 10/100 modules use IPCs.
Each Gigabit Ethernet management or forwarding module has two IGCs.
• IGC 1 manages ports 1 – 4 on the module.
• IGC 2 manages ports 5 – 8 on the module.
Each 10/100 forwarding module has two IPCs:
• IPC 1 manages ports 1 – 24 on the module.
• IPC 2 manages ports 25 – 48 on the module.
Generally, you do not need to know which IGC or IPC is managing a port. However, the information is useful for a
few features such as port monitoring. The documentation repeats the IGC and IPC port mapping information
where needed.
Serial Management Interface
On management modules, the serial management interface enables you to configure and manage the device
using a third-party terminal emulation application on a directly connected PC. A straight-through EIA/TIA DB-9
serial cable (M/F) is shipped with the device.
Reset Button
On management modules, the reset button allows you to restart the system. The button is recessed to prevent it
from being pushed accidentally.
Temperature Sensor
Every EP module contains a temperature sensor. Depending on the temperature reported by the sensor, the
software can send a warning if the temperature exceeds the normal threshold and can even shut the device down
if the temperature exceeds the safe threshold. The software reads the temperature sensor according to the
system poll time, which is 60 seconds by default.
You can display the temperature of the device. You also can change the warning and shutdown temperatures
and the chassis poll time. See “Using the Temperature Sensor” on page 6-47.
Console
1 Link 2 3 Link 4 5 Link 6 7 Link 8 Active
LINK ACT
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
The J4895A module provides 16 RJ-45 connectors for Cat5 cabling. You can connect each port to a 100 Mbps or
1000 Mbps segment. The ports automatically detect the speed of the network and configure themselves
accordingly. You also can manually configure a port for 100 Mbps or 1000 Mbps. The ports also support
automatic MDI/MDIX crossover.
The pin assignments and the status LEDs are the same as the ones for the 100 and 1000 Mbps ports on other HP
modules. See Table B.3 on page B-3.
1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47
2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48
RJ-45 Interfaces
Each port on the J4881A/B module has its own RJ-45 connector. Each connector supports a 10/100 Ethernet
network segment on Category 5 (Cat5) wire.
• Use a crossover cable to connect to another Routing Switch. A crossover cable swaps the wires so that the
send signal on one port connects to the receive signal on the other port, and so on.
• Use a straight-through cable to connect to an end station or server. A straight-through cable does not swap
the wires.
Figure B.4 shows the pin assignments and signalling for crossover connections on the 10/100 ports.
Figure B.4 Crossover pin assignment and signalling for 10/100BaseTX ports
1 RD+ 1 RD+
2 RD- 2 RD-
8 1 3 TD+ 3 TD+
4 Not used 4 CMT
5 Not used 5 CMT
6 TD- 6 TD-
1 8 7 Not used 7 CMT
8 Not used 8 CMT
1 12 13 24 25 36 37 48
RJ-21 Interfaces
The EP Telco module provides four 50-pin connectors for attaching to 48 10/100 Ethernet segments. The
connectors use the RJ-21 wiring standard, which uses four wires for each network segment. Each connector
supports 12 segments. Figure B.6 shows an example of a Telco serial cable.
Pin 1 Pin 25
Pin 26 Pin 50
To connect the EP module to the network, you can use a cable that terminates in another 50-pin connector or one
that terminates in 12 RJ-45 connectors, depending on the patch panel you are using.
NOTE: HP does not provide the cables or patch panels. However, you can order cables and patch panels from
Superior Module Products, www.superiormod.com.
Figure B.7 shows an example of a patch panel that accepts a 50-pin connector, and converts the signals to 12 RJ-
45 sockets. Each of the RJ-45 sockets uses four signals per the RJ-21 wiring standard. You can use Cat5 cables
with RJ-45 connectors to plug your network devices into the patch panel.
1 2 3 4 5 6 13 14 15 16 17 18 25 26 27 28 29 30 37 38 39 40 41 42
Table B.4 shows the output signals on each EP Telco 50-pin connector. Notice that each 10/100 port uses four
signals. Two of the signals are for transmit and the other two are for receive. Signals 25 and 50 are not used.
1 1 RxD ( - ) 26 RxD ( + )
2 TxD ( - ) 27 TxD ( + )
2 3 RxD ( - ) 28 RxD ( + )
4 TxD ( - ) 29 TxD ( + )
3 5 RxD ( - ) 30 RxD ( + )
6 TxD ( - ) 31 TxD ( + )
4 7 RxD ( - ) 32 RxD ( + )
8 TxD ( - ) 33 TxD ( + )
5 9 RxD ( - ) 34 RxD ( + )
10 TxD ( - ) 35 TxD ( + )
6 11 RxD ( - ) 36 RxD ( + )
12 TxD ( - ) 37 TxD ( + )
7 13 RxD ( - ) 38 RxD ( + )
14 TxD ( - ) 39 TxD ( + )
8 15 RxD ( - ) 40 RxD ( + )
16 TxD ( - ) 41 TxD ( + )
9 17 RxD ( - ) 42 RxD ( + )
18 TxD ( - ) 43 TxD ( + )
10 19 RxD ( - ) 44 RxD ( + )
20 TxD ( - ) 45 TxD ( + )
11 21 RxD ( - ) 46 RxD ( + )
22 TxD ( - ) 47 TxD ( + )
12 23 RxD ( - ) 48 RxD ( + )
24 TxD ( - ) 49 TxD ( + )
Configuration Considerations
• 9300 series EP modules do not require a new chassis. You can use the modules in your installed chassis.
• You cannot use EP modules and Standard (non-EP) modules in the same chassis.
NOTE: For a list of features supported on a specific product, see the data sheet for that product.
IEEE Compliance
HP devices support the following standards.
• 802.1D Bridging
• 802.1p/q VLAN Tagging
• 802.1w Rapid Spanning Tree (RSTP)
• 802.1X Port-Based Network Access Control
• 802.3, 10BaseT
• 802.3ad Link Aggregation
• 802.3ae 10000BaseX
• 802.3u, 100BaseTX, 100BaseFX
• 802.3z 1000BaseSX, 1000BaseLX
• 802.3x Flow Control
RFC Support
The following table lists the RFCs supported by HP devices.
1657 Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol
1905 Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)
1906 Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)
2003 IP Tunneling
2068 HTTP
2572 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
2574 User-based Security (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
2575 View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
2674 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering and Virtual LAN
Extensions
3176 InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks
Internet Drafts
In addition to the RFCs listed in “RFC Support” on page C-2, the Routing Switches support the following Internet
drafts:
• ietf-idmr-dvmrp version 3.05, obsoletes RFC 1075
• draft-ietf-pim-dm-05 (V1)
• draft-ietf-pim-v2-dm-03 (V2)
• The TACACS+ Protocol version 1.78
NOTE: For information about Enhanced Performance chassis modules, see “Enhanced Performance (EP)
Chassis Modules” on page B-1.
Control Features
This section describes the external control features of the Routing Switches.
Control Panels
The following sections show the control features of HP devices.
Routing Switch
Serial
Port
1 Link 2 3 Link 4 5 Link 6 7 Link 8
Power
Supply
LED
AC Power
Connector
Ports
The following port types are supported on ProCurve Routing Switches.
10 Gigabit Ethernet
The 10 Gigabit ports are compliant with the 10 Gigabit Ethernet standard, IEEE 802.3ae. HP 10 Gigabit ports
support 1310nm and 1510nm serial connections to single-mode fiber. The port connectors are SC connectors.
1000BaseT Gigabit Copper (GC) Ports
The 1000BaseT Gigabit Copper (GC) ports are compliant with the IEEE 802.3ab standard and can provide
Gigabit throughput over standard category-5 (“Cat-5”) copper wiring. The port connectors are RJ-45s, the same
as the connectors on HP’s 10/100 modules. Thus, you can immediately deploy the GC ports without recabling.
Starting with Enterprise software release 07.7.00, copper mini-GBICs are supported on Gigabit Ethernet modules.
You can use fiber mini-GBICs on some ports on a Gigabit Ethernet module, and copper mini-GBICs on others.
Copper mini-GBICs are supported only on EP Gigabit Ethernet modules. Note that the copper mini-GBICs can
operate in 1000 Mbps autonegotiation mode only. You cannot configure them to operate in other modes.
10BaseT/100BaseTX Ports
The 10BaseT/100BaseTX ports are auto-sensing, auto-negotiating ports. Most have RJ-45 UTP connectors.
These ports accept category-5 Unshielded Twisted Pair (UTP) cables. The EP 48-port Telco module uses RJ-21
connectors.
100BaseFX Ports
The 100BaseFX ports are equipped with MT-RJ connectors and operate at 100 Mbps in full-duplex mode.
1000BaseSX Ports
The 1000BaseSX ports operate in full-duplex mode and are equipped with SC connectors on fixed-configuration
modules and can be mini-GBICs with LC connectors for mini-GBIC modules that support this port type. Multi-
mode fiber cabling is supported.
1000BaseLX
The 1000BaseLX ports operate in full-duplex mode and are equipped with SC connectors on fixed-configuration
modules and come as mini-GBICs for mini-GBIC modules that support this port type. Both single-mode fiber
(SMF) and multi-mode fiber (MMF) cabling is supported. The 1000BaseLX ports must be connected to another
1000BaseLX port. Connection to a 1000BaseSX port is not supported.
NOTE: 1000BaseSX and 1000BaseLX ports also support auto-negotiation when the auto-gig option is enabled
on the system.
LEDs
Each HP device is equipped with LEDs that denote port and power supply status. The tables below reflect the
different port and expansion module port states.
Reset Button
The reset button allows you to restart the system. The reset button is recessed to prevent it from being pushed
accidentally. The reset button is located to the right of the serial port on the management module as labeled in
Figure D.1.
Power Specifications
Table D.4: ProCurve Routing Switch Power Supply Ratings
a.Assumes that the minimum number of Power Supplies required for operation are connected to the same
wall outlet/circuit.
b.Number of power supplies installed for N+1 or 100% redundancy in the chassis does not increase Maxi-
mum Ratings.
Physical Dimensions
Operating Environment
• Operating Temperature: 32° – 104° F, 0° – 40° C
• Relative Humidity: 5% – 90%, non-condensing
• Operating Altitude: 0 – 6,562 feet (2,000 meters)
Storage Environment
• Storage Temperature: -40° – 158° F, -40° – 70° C
• Storage Humidity: 95% maximum, non-condensing
• Storage Altitude: 10,000 feet (3,000 meter) maximum
Electromagnetic Emissions
• FCC Class A, Part 15, Subpart B
• EN 55022A Class A
• VCCI Class A
• EN50082-1
Laser
• Class 1 Laser Product
• Laser Klasse 1
• Complies with IEC 825-2:1993
The cautions and warnings that appear in this manual are listed below in English, German, French, and Spanish.
Cautions
A caution calls your attention to a possible hazard that can damage equipment.
"Vorsicht" weist auf eine mögliche Beschädigung des Geräts hin. Sie finden die folgenden Vorsichtshinweise in
diesem Handbuch.
Une mise en garde attire votre attention sur un risque possible d'endommagement de l'équipement. Ci-dessous,
vous trouverez les mises en garde utilisées dans ce manuel.
Un mensaje de precaución le advierte sobre un posible peligro que pueda dañar el equipo. Las siguientes son
precauciones utilizadas en este manual.
CAUTION: By default, the delete option deletes all files on the flash card. Make sure you specify the files
you want to delete.
VORSICHT: Gemäß Vorgabe löscht die Option "Delete" (Löschen) alle Dateien auf der Flash-Karte.
Stellen Sie sicher, dass Sie die zu löschenden Dateien angeben.
MISE EN GARDE: Par défaut, l'option de suppression supprime tous les fichiers de la carte mémoire. Assurez-
vous de spécifier les fichiers que vous voulez supprimer.
PRECAUCIÓN: Por defecto, la opción de anular anula todos los archivos de la tarjeta flash. Verifique que
especifica los archivos que quiere anular.
CAUTION: Carefully follow the mechanical guides on each side of the power supply slot and make sure
the power supply is properly inserted in the guides. Never insert the power supply upside
down.
VORSICHT: Beachten Sie mechanischen Führungen an jeder Seite des Netzteils, das ordnungegemäß in
die Führungen gesteckt werden muss. Das Netzteil darf niemals umgedreht eingesteckt
werden.
MISE EN GARDE: Suivez attentivement les repères mécaniques de chaque côté du slot du bloc d'alimentation
et assurez-vous que le bloc d'alimentation est bien inséré dans les repères. N'insérez jamais
le bloc d'alimentation à l'envers.
PRECAUCIÓN: Siga cuidadosamente las guías mecánicas de cada lado de la ranura del suministro de
energía y verifique que el suministro de energía está insertado correctamente en las guías.
No inserte nunca el suministro de energía de manera invertida.
CAUTION: Do not add or remove a flash card while a file operation involving the flash card's slot is in
progress. Doing so can result in corruption of the flash card. If this occurs, you may need to
reformat the flash card to make it usable again. Reformatting the card erases all data stored
on the card.
VORSICHT: Eine Flash-Karte darf nur dann eingesteckt oder herausgenommen werden, wenn keine
Dateifunktion läuft, die der Flash-Karte bedarf. Wenn dies nicht beachtet wird, kann dies zur
Korruption der Flash-Karte führen. Die Karte kann dann erst nach Neuformattierung wieder
benutzt werden. Bei Neuformattietung gehen alle auf der Karte gespeicherten Daten
verloren.
MISE EN GARDE: N'ajoutez pas ou ne supprimez pas une carte mémoire au cours d'une opération de fichier
dans laquelle le slot de carte mémoire est impliqué. Vous risquez sinon de corrompre la carte
mémoire. Si cela se produit, vous devrez peut-être reformater la carte mémoire pour qu'elle
soit à nouveau utilisable. Le reformatage de la carte efface toutes les données qui y sont
stockées.
PRECAUCIÓN: No añada ni quite una tarjeta flash mientras una operación de archivo que conlleve el uso de
una ranura de tarjeta flash se encuentre en uso. De hacerlo así se podría dar lugar a la
corrupción de la tarjeta flash. Si esto ocurriera, podría ser necesario que vuelva a formatear
la tarjeta flash para hacer que vuelva sea utilizable. Cuando se formatea la tarjeta se borran
todos los datos almacenados en la tarjeta.
CAUTION: Do not install the device in an environment where the operating ambient temperature might
exceed 40° C (104° F).
VORSICHT: Das Gerät darf nicht in einer Umgebung mit einer Umgebungsbetriebstemperatur von über
40° C (104° F) installiert werden.
MISE EN GARDE: N'installez pas le dispositif dans un environnement où la température d'exploitation ambiante
risque de dépasser 40° C (104° F).
PRECAUCIÓN: No instale el instrumento en un entorno en el que la temperatura ambiente de operación
pueda exceder los 40°C (104° F).
CAUTION: Ensure that the device does not overload the power circuits, wiring, and over-current
protection. To determine the possibility of overloading the supply circuits, add the ampere
(amp) ratings of all devices installed on the same circuit as the device. Compare this total
with the rating limit for the circuit. The maximum ampere ratings are usually printed on the
devices near the input power connectors.
VORSICHT: Stromkreise, Verdrahtung und Überlastschutz dürfen nicht durch das Gerät überbelastet
werden. Addieren Sie die Nennstromleistung (in Ampere) aller Geräte, die am selben
Stromkreis wie das Gerät installiert sind. Somit können Sie feststellen, ob die Gefahr einer
Überbelastung der Versorgungsstromkreise vorliegt. Vergleichen Sie diese Summe mit der
Nennstromgrenze des Stromkreises. Die Höchstnennströme (in Ampere) stehen
normalerweise auf der Geräterückseite neben den Eingangsstromanschlüssen.
MISE EN GARDE: Assurez-vous que le dispositif ne risque pas de surcharger les circuits d'alimentation, le
câblage et la protection de surintensité. Pour déterminer le risque de surcharge des circuits
d'alimentation, additionnez l'intensité nominale (ampères) de tous les dispositifs installés sur
le même circuit que le dispositif en question. Comparez alors ce total avec la limite de charge
du circuit. L'intensité nominale maximum en ampères est généralement imprimée sur chaque
dispositif près des connecteurs d'entrée d'alimentation.
PRECAUCIÓN: Verifique que el instrumento no sobrecargue los circuitos de corriente, el cableado y la
protección para sobrecargas. Para determinar la posibilidad de sobrecarga en los circuitos de
suministros, añada las capacidades nominales de corriente (amp) de todos los instrumentos
instalados en el mismo circuito que el instrumento. Compare esta suma con el límite nominal
para el circuito. Las capacidades nominales de corriente máximas están generalmente
impresas en los instrumentos, cerca de los conectores de corriente de entrada.
CAUTION: Make sure the air flow around the front, sides, and back of the device is not restricted.
VORSICHT: Stellen Sie sicher, dass an der Vorderseite, den Seiten und an der Rückseite der Luftstrom
nicht behindert wird.
MISE EN GARDE: Vérifiez que rien ne restreint la circulation d'air devant, derrière et sur les côtés du dispositif et
qu'elle peut se faire librement.
PRECAUCIÓN: Asegúrese de que el flujo de aire en las inmediaciones de las partes anterior, laterales y
posterior del instrumento no esté restringido.
CAUTION: Make sure the flash card is empty or does not contain files you want to keep. Formatting a
flash card completely erases all files on the card.
VORSICHT: Stellen Sie sicher, dass die Flash-Karte leer ist oder keine Dateien auf ihr gespeichert sind,
die Sie behalten möchten. Die Formattierung einer Flash-Karte löscht alle Dateien auf der
Karte.
MISE EN GARDE: Vérifiez que la carte mémoire est vide ou ne contient pas de fichiers que vous voulez
conserver. Le reformatage de la carte mémoire efface tous les fichiers qui s'y trouvent.
PRECAUCIÓN: Verifique que la tarjeta flash esté vacía o que no contenga archivos que desee conservar. Al
formatear una tarjeta flash todos los archivos de ésta se borran.
CAUTION: Make sure you insert the power supply right-side up. It is possible to insert the supply upside
down, although the supply will not engage with the power backplane when upside down. The
power supply is right-side up when the power connector is on the left and the fan vent is on
the right.
VORSICHT: Sicher Sie sicher, dass Sie das Netzteil mit der richtigen Seite nach oben weisend
einstecken. Man kann die Karte auch umgekehrt einstecken. Allerdings rastet das
umgekehrte Netzteil nicht in die Netzstrom-Rückwandplatine ein. Die rechte Seite des
Netzteils weist nach oben, wenn sich der Stromanschlussstecker links und der
Ventilatorschlitz rechts befindet.
MISE EN GARDE: Assurez-vous d'insérer le bloc d'alimentation dans le bon sens. Il est possible de l'insérer " la
tête en bas ", mais le bloc d'alimentation ne s'enclenchera pas dans la face arrière
d'alimentation s'il est inséré à l'envers. Le bloc d'alimentation est dans le bon sens lorsque le
connecteur se trouve sur le côté gauche et le ventilateur sur la droite.
PRECAUCIÓN: Verifique que inserta el suministro de corriente con la cara correcta hacia arriba. Es posible
insertar el suministro hacia abajo, pese a que este no se conectará con el enchufe posterior
de esta forma. El suministro de potencia estará con la cara correcta hacia arriba cuando el
conector de corriente quede a la izquierda y la abertura del ventilador queda a la derecha.
CAUTION: Once you start the formatting process, you cannot stop it. Even if you enter CTRL-C to stop
the CLI output and a new prompt appears, the formatting continues. Make sure you want to
format the card before you enter the command.
VORSICHT: Wenn Sie mit dem Formattieren beginnen, können Sie diesen Prozess nicht anhalten. Selbst
wenn zum Anhalten der CLI-Ausgabe Strg-C drücken und eine neue Aufforderung gezeigt
wird, wird mit dem Formattieren fortgefahren. Stellen Sie sicher, dass Sie die Karte
formattieren wollen, bevor Sie den Befehl eingeben.
MISE EN GARDE: Une fois le processus de formatage commencé, vous ne pouvez pas l'interrompre. Même si
vous appuyez sur CTRL-C pour arrêter la sortie CLI et si une nouvelle invite apparaît, le
formatage continue. Soyez bien sûr de vouloir formater la carte avant d'entrer la commande.
PRECAUCIÓN: Una vez que empiece con el proceso de formateado, no se puede detener. Incluso si pulsa
CTRL-C para detener la salida de CLI y aparece un nuevo indicador, el formateado
continuará. Esté seguro que desea formatear la tarjeta antes de introducir el comando.
CAUTION: Remove the power cord from a power supply before you install it in or remove it from the
device. Otherwise, the power supply or the device could be damaged as a result. (The
device can be running while a power supply is being installed or removed, but the power
supply itself should not be connected to a power source.)
VORSICHT: Nehmen Sie vor dem Anschließen oder Abtrennen des Geräts das Stromkabel vom Netzteil
ab. Ansonsten könnten das Netzteil oder das Gerät beschädigt werden. (Das Gerät kann
während des Anschließens oder Annehmens des Netzteils laufen. Nur das Netzteil sollte
nicht an eine Stromquelle angeschlossen sein.)
MISE EN GARDE: Enlevez le cordon d'alimentation d'un bloc d'alimentation avant de l'installer ou de l'enlever du
dispositif. Sinon, le bloc d'alimentation ou le dispositif risque d'être endommagé. (Le dispositif
peut être en train de fonctionner lorsque vous installez ou enlevez un bloc d'alimentation,
mais le bloc d'alimentation lui-même ne doit pas être connecté à une source d'alimentation.)
PRECAUCIÓN: Retire el cordón de corriente del suministro de corriente antes de instalarlo o retírarlo del
instrumento. De no hacerse así, el suministro de corriente o el instrumento podrían resultar
dañados. (El instrumento puede estar encendido mientras se instala o retira un suministro de
corriente, pero el suministro de corriente en sí no deberá conectado a la corriente).
CAUTION: The software does not have an undelete option. Make sure you really want to delete the file.
VORSICHT: Die Software verfügt über keine Option "Undelete" (Löschung rückgängig machen). Stellen
Sie sicher, dass Sie die Datei wirklich löschen wollen.
MISE EN GARDE: Le logiciel n'a pas d'option permettant d'annuler la suppression. Soyez donc bien sûr de
vouloir supprimer le fichier.
PRECAUCIÓN: El software no dispone de una opción de recuperar lo anulado. Esté plenamente seguro de
que quiere anular el archivo.
CAUTION: To provide additional safety and proper airflow to the device, make sure that slot cover plates
are installed on all chassis slots that do not have either a module or power supply installed.
VORSICHT: Für mehr Sicherheit und eine bessere Luftzufuhr zum Gerät müssen Sie sicherstellen, dass
die Abdeckplatten für die Steckplätze an allen Chassissteckplätzen montiert sind und dass in
diesen keine Module oder Netzteile installiert sind.
MISE EN GARDE: Pour fournir une sécurité supplémentaire et une circulation d'air adéquate pour le dispositif,
vérifiez que des caches de slots sont installés sur tous les slots du châssis dans lesquels un
module ou un bloc d'alimentation n'est pas installé.
PRECAUCIÓN: Para proporcionar seguridad adicional y un flujo de aire apropiado al instrumento, verifique
que las placas de cierre de las ranuras estén instaladas en todas las ranuras del chasis que
no tengan un módulo o un suministro de corriente instalado.
CAUTION: Use at least two separate branch circuits for the power. This provides redundancy in case
one of the circuits fails.
VORSICHT: Verwenden Sie wenigstens zwei getrennte Stromkreise für die Stromversorgung. Somit steht
Ihnen im Fall des Ausfalls eines Stromkreises ein Ersatzstromkreis zur Verfügung.
MISE EN GARDE: Utilisez au moins deux circuits de dérivation différents pour l'alimentation. Ainsi, il y aura un
circuit redondant en cas de panne d'un des circuits.
PRECAUCIÓN: Use al menos dos circuitos derivados separados para la corriente. Esto proporciona
redundancia en el caso que uno de los circuitos falle.
CAUTION: Use the erase startup-config command only for new systems. If you enter this command on a
system you have already configured, the command erases the configuration. If you
accidentally do erase the configuration on a configured system, enter the write memory
command to save the running configuration to the startup-config file.
VORSICHT: Verwenden Sie den Befehl "Erase startup-config" (Löschen Startup-Konfig) nur für neue
Systeme. Wenn Sie diesen Befehl in ein bereits konfiguriertes System eingeben, löscht der
Befehl die Konfiguration. Falls Sie aus Versehen die Konfiguration eines bereits konfigurierten
Systems löschen, geben Sie den Befehl "Write Memory" (Speicher schreiben) ein, um die
laufende Konfiguration in der Startup-Konfig-Datei zu speichern.
MISE EN GARDE: N'utilisez la commande erase startup-config que pour les nouveaux systèmes. Si vous entrez
cette commande sur un système que vous avez déjà configuré, elle efface la configuration. Si
vous effacez la configuration par accident sur un système configuré, entrez la commande
write memory pour enregistrer la configuration actuelle dans le fichier startup-config.
PRECAUCIÓN: Use el comando erase startup-config (borrar configuración de inicio) para sistemas nuevos
solamente. Si usted introduce este comando en un sistema que ya ha configurado, el
comando borrará la configuración. Si usted borra accidentalmente la configuración en un
sistema ya configurado, introduzca el comando write memory (escribir memoria) para
guardar la configuración en ejecución en el archivo startup-config.
CAUTION: When you connect a fan cable to a fan connector on the backplane, make sure the red wire in
the connector is on the right side (for horizontally oriented connectors) or facing down (for
vertically oriented connectors). If you accidentally reverse the wires, the fan will not operate.
Also, make sure the fan cable connector is seated over all three pins on the backplane
connector.
VORSICHT: Wenn Sie einen Ventilator an den Ventilatoranschlussstecker auf der Rückplatine
anschließen, müssen Sie sicherstellen, dass sich der rote Draht im Anschlussstecker rechts
befindet (bei waagerecht angeordneten Anschlusssteckern) oder nach unten weist (bei
senkrecht angeordneten Anschlusssteckern). Wenn Sie die Drähte aus Versehen
vertauschen, läuft der Ventilator nicht.
Stellen Sie auch sicher, dass der Anschlussstecker des Ventilatorkabels auf allen drei Stiften
am Rückplatinen-Anschlussstecker sitzt.
MISE EN GARDE: Lorsque vous connectez le câble d'un ventilateur à un connecteur de ventilateur sur la face
arrière, vérifiez que le fil rouge dans le connecteur est bien sur le côté droit (pour les
connecteurs orientés horizontalement) ou vers le bas (pour les connecteurs orientés
verticalement). Si vous inversez les fils, le ventilateur ne fonctionnera pas.
De plus, vérifiez que le connecteur du câble du ventilateur est bien en place sur les trois
broches du connecteur de la face arrière.
PRECAUCIÓN: Cuando conecte un cable de ventilador a un conector de ventilador en el enchufe posterior,
verifique que el cable rojo del conector está en el lado derecho (para conectores orientados
horizontalmente) u orientado hacia abajo (para conectores orientados verticalmente). Si
usted invierte los cables accidentalmente, el ventilador no funcionará.
Asimismo, verifique que el conector del cable del ventilador queda asentado sobre las tres
clavijas en el conector del enchufe posterior.
Warnings
A warning calls your attention to a possible hazard that can cause injury or death. The following are the warnings
used in this manual.
"Achtung" weist auf eine mögliche Gefährdung hin, die zu Verletzungen oder Tod führen können. Sie finden die
folgenden Warnhinweise in diesem Handbuch:
Un avertissement attire votre attention sur un risque possible de blessure ou de décès. Ci-dessous, vous
trouverez les avertissements utilisés dans ce manuel.
Una advertencia le llama la atención sobre cualquier posible peligro que pueda ocasionar daños personales o la
muerte. A continuación se dan las advertencias utilizadas en este manual.
WARNING: The procedures in this manual are for qualified service personnel.
ACHTUNG: Die Verfahren in diesem Handbuch sind nur für qualifiziertes Wartungspersonal gedacht.
AVERTISSEMENT: Les procédures décrites dans ce manuel doivent être effectuées par le personnel de service
qualifié uniquement.
ADVERTENCIA: Los procedimientos de este manual se han hecho para personal de servicio cualificado.
WARNING: All fiber-optic interfaces except LHB interfaces use Class 1 Lasers.
ACHTUNG: Alle Glasfaser-Schnittstellen verwenden Laser der Klasse 1.
AVERTISSEMENT: Toutes les interfaces en fibres optiques utilisent des lasers de classe 1.
ADVERTENCIA: Todas las interfaces de fibra óptica usan Láser de Clase 1.
WARNING: Before beginning the installation, see the precautions in "Power Precautions" on page 2-4.
ACHTUNG: Vor der Installation siehe Vorsichtsmaßnahmen unter " Power Precautions "
(Vorsichtsmaßnahmen in Bezug auf elektrische Ablagen) auf den Seiten 2 - 4.
AVERTISSEMENT: Avant de commencer l'installation, consultez les précautions décrites dans " Power
Precautions " (Précautions quant à l'alimentation), pages 2-4.
ADVERTENCIA: Antes de comenzar la instalación, consulte las precauciones en la sección " Power
Precautions" (Precauciones sobre corriente) que se encuentra en las páginas 2-4.
WARNING: Disconnect the power cord from all power sources to completely remove power from the
device.
ACHTUNG: Ziehen Sie das Stromkabel aus allen Stromquellen, um sicherzustellen, dass dem Gerät kein
Strom zugeführt wird.
AVERTISSEMENT: Débranchez le cordon d'alimentation de toutes les sources d'alimentation pour couper
complètement l'alimentation du dispositif.
ADVERTENCIA: Para desconectar completamente la corriente del instrumento, desconecte el cordón de
corriente de todas las fuentes de corriente.
WARNING: Do not lift the 15-slot chassis using the lifting handles unless the chassis is empty. Remove
the power supplies and interface modules before lifting the chassis.
ACHTUNG: Sie dürfen das 15-Steckplatz-Chassis nur dann an den Hebegriffen anheben, wenn das
Chassis leer ist. Trennen Sie die Netzteile und Schnittstellenmodule vor dem Anheben des
Chassis ab.
AVERTISSEMENT: Ne soulevez le châssis à 15 slots à l'aide des poignées de levage que si le châssis est vide.
Enlevez les blocs d'alimentation et les modules d'interface avant de soulever le châssis.
ADVERTENCIA: No alce el chasis de 15 ranuras usando las asas de alzado a menos que el chasis esté vacío.
Retire los suministros de corriente y los módulos de interfaz antes de alzar el chasis.
WARNING: Do not use the handles on the power supply units to lift or carry a Routing Switch.
ACHTUNG: Die Griffe an den Netzteilen dürfen nicht zum Anheben oder Tragen eines Chassisgeräts
verwendet werden.
AVERTISSEMENT: N'utilisez pas les poignées des unités de bloc d'alimentation pour soulever ou porter un
dispositif en châssis.
ADVERTENCIA: No use las asas de las unidades de suministro de corriente para alzar o transportar un
instrumento de chasis.
WARNING: If the installation requires a different power cord than the one supplied with the device, make
sure you use a power cord displaying the mark of the safety agency that defines the
regulations for power cords in your country. The mark is your assurance that the power cord
can be used safely with the device.
ACHTUNG: Falls für die Installation ein anderes Stromkabel erforderlich ist (wenn das mit dem Gerät
gelieferte Kabel nicht passt), müssen Sie sicherstellen, dass Sie ein Stromkabel mit dem
Siegel einer Sicherheitsbehörde verwenden, die für die Zertifizierung von Stromkabeln in
Ihrem Land zuständig ist. Das Siegel ist Ihre Garantie, dass das Stromkabel sicher mit Ihrem
Gerät verwendet werden kann.
AVERTISSEMENT: Si l'installation nécessite un cordon d'alimentation autre que celui fourni avec le dispositif,
assurez-vous d'utiliser un cordon d'alimentation portant la marque de l'organisation
responsable de la sécurité qui définit les normes et régulations pour les cordons
d'alimentation dans votre pays. Cette marque vous assure que vous pouvez utiliser le cordon
d'alimentation avec le dispositif en toute sécurité.
ADVERTENCIA: Si la instalación requiere un cordón de corriente distinto al que se ha suministrado con el
instrumento, verifique que usa un cordón de corriente que venga con la marca de la agencia
de seguridad que defina las regulaciones para cordones de corriente en su país. Esta marca
será su garantía de que el cordón de corriente puede ser utilizado con seguridad con el
instrumento.
WARNING: Make sure that the power source circuits are properly grounded, then use the power cord
supplied with the device to connect it to the power source.
ACHTUNG: Stellen Sie sicher, dass die Stromkreise ordnungsgemäß geerdet sind. Benutzen Sie dann
das mit dem Gerät gelieferte Stromkabel, um es an die Srromquelle anzuschließen.
AVERTISSEMENT: Vérifiez que les circuits de sources d'alimentation sont bien mis à la terre, puis utilisez le
cordon d'alimentation fourni avec le dispositif pour le connecter à la source d'alimentation.
ADVERTENCIA: Verifique que circuitos de la fuente de corriente están conectados a tierra correctamente;
luego use el cordón de potencia suministrado con el instrumento para conectarlo a la fuente
de corriente.
WARNING: Make sure the rack or cabinet housing the device is adequately secured to prevent it from
becoming unstable or falling over.
ACHTUNG: Stellen Sie sicher, dass das Gestell oder der Schrank für die Unterbringung des Geräts auf
angemessene Weise gesichert ist, so dass das Gestell oder der Schrank nicht wackeln oder
umfallen kann.
AVERTISSEMENT: Vérifiez que le bâti ou le support abritant le dispositif est bien fixé afin qu'il ne devienne pas
instable ou qu'il ne risque pas de tomber.
ADVERTENCIA: Verifique que el bastidor o armario que alberga el instrumento está asegurado correctamente
para evitar que pueda hacerse inestable o que caiga.
WARNING: Mount the devices you install in a rack or cabinet as low as possible. Place the heaviest
device at the bottom and progressively place lighter devices above.
ACHTUNG: Montieren Sie die Geräte im Gestell oder Schrank so tief wie möglich. Platzieren Sie das
schwerste Gerät ganz unten, während leichtere Geräte je nach Gewicht (je schwerer desto
tiefer) darüber untergebracht werden.
AVERTISSEMENT: Montez les dispositifs que vous installez dans un bâti ou support aussi bas que possible.
Placez le dispositif le plus lourd en bas et le plus léger en haut, en plaçant tous les dispositifs
progressivement de bas en haut du plus lourd au plus léger.
ADVERTENCIA: Monte los instrumentos que instale en un bastidor o armario lo más bajos posible. Ponga el
instrumento más pesado en la parte inferior y los instrumentos progresivamente más livianos
más arriba.
WARNING: Power supplies are hot swappable. However, Hewlett-Packard recommends that you
disconnect the power supply from AC power before installing or removing the supply. The
device can be running while a power supply is being installed or removed, but the power
supply itself should not be connected to a power source. Otherwise, you could be injured or
the power supply or other parts of the device could be damaged.
ACHTUNG: Netzteile können unter Strom stehend ausgetauscht werden. Allerdings empfiehlt Hewlett-
Packard, dass Sie das Netzteil vom Netzstrom abtrennen, bevor Sie das Netzteil anschließen
oder abtrennen. Das Gerät kann während des Anschließens oder Abnehmens des Netzteils
laufen. Nur das Netzteil sollte nicht an eine Stromquelle angeschlossen sein. Ansonsten
können Sie verletzt oder das Netzteil bzw. andere Geräteteile beschädigt werden.
AVERTISSEMENT: Les blocs d'alimentation peuvent être changés à chaud. Cependant, Hewlett-Packard vous
conseille de débrancher le bloc d'alimentation de l'alimentation C.A. avant d'installer ou
d'enlever le bloc d'alimentation. Le dispositif peut être en cours de fonctionnement pendant
que vous installez ou enlevez un bloc d'alimentation, mais le bloc d'alimentation lui-même ne
doit pas être connecté à une source d'alimentation. Sinon, vous risquez d'être blessé ou le
bloc d'alimentation ou d'autres pièces du dispositif risquent d'être endommagés.
ADVERTENCIA: Los suministros de corriente pueden intercambiarse sin necesidad de ajustes. No obstante,
Hewlett-Packard recomienda que desconecte el suministro de corriente de la toma de
corriente alterna antes de instalar o retirar el suministro. El instrumento puede estar activado
cuando se esté instalando o retirando un suministro de corriente, pero el suministro de
corriente en sí no deberá estar conectado a la fuente de corriente. De no hacerlo así, podría
sufrir daños personales o el suministro de corriente u otras piezas podrían resultar dañadas.
WARNING: The Routing Switches are very heavy, especially when fully populated with modules and
power supplies. TWO OR MORE PEOPLE ARE REQUIRED WHEN LIFTING, HANDLING,
OR MOUNTING THESE DEVICES.
ACHTUNG: Die Chassisgeräte sind sehr schwer. Dies gilt inbesondere, wenn sie mit vielen Modulen und
Netzteilen bestückt sind. FÜR DAS ANHEBEN, TRANSPORTIEREN ODER MONTIEREN
DIESER GERÄTE SIND WENIGSTENS ZWEI PERSONEN ERFORDERLICH.
AVERTISSEMENT: Les dispositifs en châssis sont très lourds, surtout s'ils sont entièrement remplis de modules
et de blocs d'alimentation. POUR SOULEVER, MANIPULER OU MONTER CES
DISPOSITIFS, DEUX PERSONNES MINIMUM SONT NÉCESSAIRES.
ADVERTENCIA: Los instrumentos del chasis son más pesados, especialmente cuando están muy cargados
con módulos y suministros de corriente. SE REQUERIRÁN DOS O MÁS PERSONAS
CUANDO ESTOS INSTRUMENTOS SE VAYAN A ALZAR, MANEJAR O MONTAR.
WARNING: To avoid risk of shock, do not attach the clip end to the air flow panel of the power supply.
ACHTUNG: Das Klemmemende darf nicht an die Belüftungsplatte des Netzteils angeschlossen werden.
Andernfalls setzen Sie sich dem Risiko eines elektrischen Schlags aus.
AVERTISSEMENT: Pour éviter le risque de choc électrique, n'attachez pas l'extrémité du clip au panneau de
circulation d'air du bloc d'alimentation.
ADVERTENCIA: Para evitar riesgos de electrocución, no acople el extremo del clip al panel de flujo de aire del
suministro de corriente.
WARNING: You can lift the 4-slot and 8-slot Routing Switches when they contain modules and power
supplies. However, fully populated chassis are heavy. TWO OR MORE PEOPLE ARE
REQUIRED WHEN LIFTING, HANDLING, OR MOUNTING THESE DEVICES.
ACHTUNG: Sie können ein 4-Steckplatz- und 8-Steckplatz-Chassis anheben, das mit Modulen und
Netzteilen bestückt ist. Allerdings sind voll bestückte Chassis schwer. FÜR DAS ANHEBEN,
TRANSPORTIEREN ODER MONTIEREN DIESER GERÄTE SIND WENIGSTENS ZWEI
PERSONEN ERFORDERLICH.
AVERTISSEMENT: Vous pouvez soulever les dispositifs en châssis à 4 ou 8 slots lorsqu'ils contiennent des
modules et des blocs d'alimentation. Cependant, les châssis sont lourds quand ils sont
entièrement remplis. POUR SOULEVER, MANIPULER OU MONTER CES DISPOSITIFS,
DEUX PERSONNES MINIMUM SONT NÉCESSAIRES.
ADVERTENCIA: Puede alzar los instrumentos de chasis de 4 y 8 ranuras cuando contengan módulos y
suministros de corriente. Sin embargo, los chasis muy concurridos son pesados. SE
REQUERIRÁN DOS O MÁS PERSONAS CUANDO ESTOS INSTRUMENTOS SE VAYAN A
ALZAR, MANEJAR O MONTAR.
E - 10 June 2005
Index
Numerics Age
10 Gigabit Ethernet 5-1 MAC 6-30
10/100 Age interval
mode 6-24 IP multicast
1000BaseLx 2-7, D-2 Layer 2 12-1
1000BaseSx 2-7, D-2 Agency approvals D-5
1000BaseT D-2 Air Flow 2-18
100BaseFx D-2 Air Flow, Caution 2-4
802.1p Altitude D-5
QoS priority 11-5 Ambient temperature 2-4
802.1W 8-22 Ampere Ratings 2-3
bridge parameters 8-50 AppleTalk
bridge port roles 8-23 VLAN 11-3, 11-20
bridge port states 8-27 AppleTalk cable VLAN 11-1, 11-28
compatibility with 802.1D 8-48 configuring 11-62
convergence, link failure 8-42 Assigning
convergence, link restore 8-42 IP address 2-17
convergence, start up 8-39 password 2-15
edge port 8-25
edge port states 8-27 B
enable 8-49 Boot
handshake, no root port 8-28 software 15-10
handshake, with a root port 8-33 Broadcast
port parameters 8-51 filter 6-40
show 8-52 leaks 11-10
state machines 8-27 limiting 6-17
topology change 8-45 Buffer
802.3x Gigabit negotiation 6-26 Syslog A-10, A-12
9304M Routing Switch 2-11, 2-12
9308M Routing Switch 2-12 C
Cable
A AppleTalk VLAN 11-28
About Blocked Ports 7-38 length 2-21
Access Straight-through 2-13
CLI 2-24 straight-through 2-23
lost password 2-16
Access levels 2-15
Address
IP 2-17
V
Virtual interface 11-3, 11-12, 11-21
Virtual routing interface
VLAN 11-8
VLAN
AppleTalk cable 11-1, 11-28
broadcast leaks 11-10
configuring 11-1
default 11-4, 11-13
displaying information 11-63
displaying port information 11-64
displaying summary information 11-63
dynamic port 11-9, 11-31
aging 11-31
excluded port 11-10
IEEE tagging 6-34
IP subnet 11-1
IPX network 11-1
ISR 11-3, 11-12
Layer 2 port-based 11-1, 11-2
Layer 3 protocol-based 11-1, 11-3, 11-20
port-based 6-33, 11-13, 11-17
QoS priority 11-18
route 11-11
same subnet on multiple VLANs 11-33
static port 11-10
STP 11-7, 11-18
trunk group 11-11
types 11-1
virtual interface 11-3, 11-12, 11-21
June 2005